With Microsoft's broken Meltdown mitigation in place, apps and users could now read and write kernel memory, granting total control over the system.
Clive Tyldesley: Goooooooooaaaaaaal!
Gary Taphouse: Actually, an own-goal, Clive!
If you're not up-to-date with your Intel CPU Meltdown patches for Windows 7 or Server 2008 R2, get busy with that, because exploit code for Microsoft's own-goal flaw is available. Microsoft issued an update in late March after Swedish researcher Ulf Frisk turned up what he dubbed “Total Meltdown.” The bug Frisk found was that …
Sorry, what I meant was...
Knowing that any patch has been rushed out, I held off patching.
So I have machines that potentially (if there are exploits in the wild) could have data exfiltrated from them. These machines aren't vulnerable to having admin-level command prompts invoked :-)
Has anyone seen a password-extracting exploit in the wild yet?
When this Meltdown madness started in January, I stopped updating my Win7 boxes. I continued in February and March after reading that Microsoft issues patch to patch the patches I had not installed.
I resumed only in April but not the cumulative patchball but only the "Security Only Update". And I still think that I was lucky.
Except if you get an unloaded cylinder, you have someone with another pistol behind your head for another go. When are Intel going to admit they screwed up seriously big time and give us all a new processor. My motherboard has a ZIF so its no big deal if they post me a new one. I have already spent several £K over the years on Intel Inside motherboards so it will only be a small dint in their overall profits. So what if Brian Krzanich doesn't get his megabuck bonus for a couple of years.
why i just set windows 10 to wait 15 days before installing patches when they become available (i am not beta testing windows 10 updates) as this is something you can do on windows 10 Pro (not home) if they brake something they norm pull the broken patch before it gets pushed out to me or any of my systems
i also have feature upgrades set to 150 days after they become available to Non targeted branch (aka CBB), targeted is the Beta tester branch that all home users are on
next thing they need to fix is why are windows 7 and 10 systems recently having issues where it Can't log into the local profile (uses the temporary profile until i log off and back on)