Friday , 27 April 2018
Home >> S >> Security >> Windows rags for Total Meltdown, bluescreens, an IP capsule — and small documentation

Windows rags for Total Meltdown, bluescreens, an IP capsule — and small documentation

As many of us were removing prepared for a holiday weekend, after a warn proclamation about Windows being ripped into 3 pieces, Microsoft shoveled nonetheless another bucket of rags out a Automatic Update chute. Think of it as a module homogeneous of a Friday night news dump.

A mortal repair for Total Meltdown

KB 4100480 kicked off a dual days from patching limbo with a Windows 7/Server 2008R2 heart refurbish for CVE-2018-1038, a “Total Meltdown” bug Microsoft introduced in Win7 behind in January. Total Meltdown, we might recall, is a outrageous confidence hole implemented by all of these Microsoft confidence patches:

  • KB 4056894 Win7/Server 2008 R2 Jan Monthly Rollup.
  • KB 4056897 Win7/Server 2008 R2 Jan Security-only patch.
  • KB 4073578 Hotfix for “Unbootable state for AMD inclination in Windows 7 SP1. and Windows Server 2008 R2 SP1” bug commissioned in a Jan Monthly Rollup and Security-only patches.
  • KB 4057400 Win7/Server 2008 R2 Preview of a Feb Monthly Rollup.
  • KB 4074598 Win7/Server 2008 R2 Feb Monthly Rollup.
  • KB 4074587 Win7/Server 2008 R2 Feb Security-only patch.
  • KB 4075211 Win7/Server 2008 R2 Preview of a Mar Monthly Rollup.
  • KB 4091290 Hotfix for “smart label formed operations destroy with blunder with SCARD_E_NO_SERVICE” bug commissioned in a Feb Monthly Rollup.
  • KB 4088875 Win7/Server 2008 R2 Mar Monthly Rollup.
  • KB 4088878 Win7/Server 2008 R2 Mar Security-only patch.
  • KB 4088881 Win7/Server 2008 R2 Preview of Apr Monthly Rollup.

If we commissioned any of those 11 rags on your Intel 64-bit Windows 7/Server 2008 R2 computer, we non-stop adult a gaping hole famous as “Total Meltdown,” or CVE-2018-1038, that allows any module using on your mechanism to run in heart mode. Yes, any program that’s using can review or write into any partial of memory.

Microsoft putrescent all of those machines to urge opposite a professionally marketed Meltdown/Spectre vulnerability, that has never, ever been seen in a wild. Kevin Beaumont (@GossiTheDog on Twitter) said it best:

==[ Click Here 1X ] [ Close ]==