back to article Win 7, Server 2008 'Total Meltdown' exploit lands, pops admin shells

If you're not up-to-date with your Intel CPU Meltdown patches for Windows 7 or Server 2008 R2, get busy with that, because exploit code for Microsoft's own-goal flaw is available. Microsoft issued an update in late March after Swedish researcher Ulf Frisk turned up what he dubbed “Total Meltdown.” The bug Frisk found was that …

  1. Hans 1
    Facepalm

    With Microsoft's broken Meltdown mitigation in place, apps and users could now read and write kernel memory, granting total control over the system.

    Clive Tyldesley: Goooooooooaaaaaaal!

    Gary Taphouse: Actually, an own-goal, Clive!

    1. Locky

      I'm thinking more goooooooal

  2. Missing Semicolon Silver badge

    What about if you're paranoid?

    .. and didn't install any of the original mitigation patches? Any active exploits for that?

    1. phuzz Silver badge

      Re: What about if you're paranoid?

      If you're that paranoid why do you even use Windows in the first place maybe you should uninstall more patches, that'll make it more secure right?

      1. Missing Semicolon Silver badge

        Re: What about if you're paranoid?

        Sorry, what I meant was...

        Knowing that any patch has been rushed out, I held off patching.

        So I have machines that potentially (if there are exploits in the wild) could have data exfiltrated from them. These machines aren't vulnerable to having admin-level command prompts invoked :-)

        Has anyone seen a password-extracting exploit in the wild yet?

  3. Sureo
    Coat

    It makes sense that any patch could contain a flaw that requires another patch. For example, every month for a year Microsoft has sent me KB2952664.

  4. arctic_haze

    I had a hunch

    When this Meltdown madness started in January, I stopped updating my Win7 boxes. I continued in February and March after reading that Microsoft issues patch to patch the patches I had not installed.

    I resumed only in April but not the cumulative patchball but only the "Security Only Update". And I still think that I was lucky.

  5. JassMan
    Trollface

    It's all starting to sound like russian roulette

    Except if you get an unloaded cylinder, you have someone with another pistol behind your head for another go. When are Intel going to admit they screwed up seriously big time and give us all a new processor. My motherboard has a ZIF so its no big deal if they post me a new one. I have already spent several £K over the years on Intel Inside motherboards so it will only be a small dint in their overall profits. So what if Brian Krzanich doesn't get his megabuck bonus for a couple of years.

  6. leexgx

    why i just set windows 10 to wait 15 days before installing patches when they become available (i am not beta testing windows 10 updates) as this is something you can do on windows 10 Pro (not home) if they brake something they norm pull the broken patch before it gets pushed out to me or any of my systems

    i also have feature upgrades set to 150 days after they become available to Non targeted branch (aka CBB), targeted is the Beta tester branch that all home users are on

    next thing they need to fix is why are windows 7 and 10 systems recently having issues where it Can't log into the local profile (uses the temporary profile until i log off and back on)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like