CVE-2017-5754 Microsoft Patch for Meltdown Turns Out Buggy

Instead of fixing things, the patch Microsoft released for the Meltdown bug (CVE-2017-5754) as part of the January 2018 Patch Tuesday caused further issues on Windows 7. The faulty patch allows user-level apps to read content from the operating system's kernel memory. It even allows these apps to write data to kernel memory, researchers say.


CVE-2017-5754 Official Description

Via MITRE:

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

The issue was discovered by Swedish expert Ulf Frisk while he was working on a device for carrying out Direct Memory Access attacks and dumping protected OS memory. The device is called PCILeech and is available on GitHub.

According to the researcher, the CVE-2017-5754 patch flipped a bit that controls the access permission for kernel memory. This is what the researcher explained in a blog post:

In short – the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself. The PML4 is the base of the 4-level in-memory page table hierarchy that the CPU Memory Management Unit (MMU) uses to translate the virtual addresses of a process into physical memory addresses in RAM.
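To make the misconfiguration concrete, here is an added C example (not from the article, and not part of Frisk's tooling) that walks a constructed 512-entry PML4, locates the self-referencing entry by matching its target against the CR3 base, and reports whether its User/Supervisor bit is set to User. It assumes the standard x86-64 entry layout (P = bit 0, R/W = bit 1, U/S = bit 2, physical address in bits 12..51); the CR3 value and slot index are sample values chosen for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PTE_P         (1ULL << 0)   /* present */
#define PTE_RW        (1ULL << 1)   /* writable */
#define PTE_US        (1ULL << 2)   /* 1 = User may access, 0 = Supervisor only */
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL /* physical address bits 12..51 */
#define PML4_ENTRIES  512

/* Physical address a PML4 entry points at. */
static uint64_t pml4e_addr(uint64_t e) { return e & PTE_ADDR_MASK; }

/* The self-referencing entry is the present PML4E whose target is the PML4's
 * own physical base (CR3 with its low flag bits masked off). Returns the
 * slot index, or -1 if there is none. */
static int find_self_ref(const uint64_t *pml4, uint64_t cr3)
{
    uint64_t base = cr3 & PTE_ADDR_MASK;
    for (int i = 0; i < PML4_ENTRIES; i++)
        if ((pml4[i] & PTE_P) && pml4e_addr(pml4[i]) == base)
            return i;
    return -1;
}

/* Returns 1 if the self-referencing entry is marked User, i.e. the page
 * tables themselves are reachable from user mode (the state the post
 * describes); 0 if it is Supervisor-only or absent. */
static int self_ref_user_accessible(const uint64_t *pml4, uint64_t cr3)
{
    int idx = find_self_ref(pml4, cr3);
    return idx >= 0 && (pml4[idx] & PTE_US) != 0;
}

/* Builds a constructed 4 KiB PML4 (not a real memory dump) with the
 * self-reference in 'slot', sets its U/S bit when 'user_bit' is nonzero,
 * and runs the check on it. */
static int check_sample(int slot, int user_bit)
{
    uint64_t pml4[PML4_ENTRIES];
    uint64_t cr3 = 0x00000000001AB000ULL;           /* constructed CR3 value */
    memset(pml4, 0, sizeof pml4);
    pml4[0] = 0x0000000000002000ULL | PTE_P | PTE_RW | PTE_US; /* ordinary user mapping */
    pml4[slot] = cr3 | PTE_P | PTE_RW | (user_bit ? PTE_US : 0);
    return self_ref_user_accessible(pml4, cr3);
}

int main(void)
{
    printf("supervisor-only self-ref: %d\n", check_sample(0x1ED, 0)); /* 0 */
    printf("user-accessible self-ref: %d\n", check_sample(0x1ED, 1)); /* 1 */
    return 0;
}
```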


Is the CVE-2017-5754-Induced Issue Fixed?

Microsoft fixed the bug introduced by its own fix in the March 2018 Patch Tuesday. Note that the issue only affected the 64-bit versions of Windows 7 and Windows Server 2008 R2, according to Frisk. The fix flipped the PML4 permission bit back to its original value.

If you’re a Windows 7 user, please make sure you have installed the January batch of fixes as well as the March Patch Tuesday.


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
