Wasn't it hilarious when Microsoft released a patch for the Meltdown flaw that made things even worse by allowing write access to kernel memory as well as read access? Well, if you don't have the patch which fixes the patch in place, you won't be laughing so hard today. The Register has seen proof of concept code which makes use of this flaw to elevate a DOS shell window to NT AUTHORITY\System from a user without admin privileges. Get yourself patched up, especially that Server 2008 instance!
"If you're not up-to-date with your Intel CPU Meltdown patches for Windows 7 or Server 2008 R2, get busy with that, because exploit code for Microsoft's own-goal flaw is available."
Here is some more Tech News from around the web:
- E-waste warrior slapped with 15-month sentence for flogging Windows restore discs @ The Inquirer
- Windows 10 April 2018 Update is Coming On April 30 @ Slashdot
- Google Updates: Apps gone free, Chrome gone curvy, Play Music… gone? @ The Inquirer
- Apple debugs debugger, nukes pesky vulns in iOS, WebKit, macOS @ The Register
- Ubuntu 18.04 LTS arrives with Gnome desktop, Kuberflow and Nvidia GPU acceleration @ The Inquirer
- In a touching Monty Python tribute today, Microsoft's Office 365 makes everything spam @ The Register
- Intel delays 10nm chips yet again as firm suffers 'yield issues' @ The Inquirer
- Noise from blast of gas destroys Digiplex data depot disk drives @ The Register
That patch (To Fix The Earlier Patch) came out late March/2018 and only folks that had not applied a separate patch to WSUS did not see the late March/2018 patch listed under WSUS.
AND M$ has really F–Ked things up lately so now folks are even more confused. And reporters need to start listing things more by KB numbers in addition to the CVE/other vulnerability number listings, as when downloading patches from the Windows Update Catalog, updates (Security/others) are listed/searched by KB number.
So it's SNAFU all over again from the folks in Redmond.
The technology press with their lazy reporting of the issues and not including the KB number of the latest patch available that fixes the issue are just as bad.
If there is a patch (KB#) that directly fixes any older Patch (KB#) then the press needs to list the old patch's KB# and the New Patch's KB# that is there to patch the older patch. So Folks can make sure that the old patch has even been installed and If that old patch needs to be installed before the new patch is installed should be mentioned also.
That all patches in one KB nonsense that M$ forced on Windows 7 and 8.1 users has only made things worse because I'm only installing patches directly from the Windows Update Catalog and only the monthly security only quality updates that hopefully are spyware free. And I'm only updating Windows 7 (monthly sec only quality update) and IE11 (cumulative monthly Sec update) and I have not been updating .Net/other things at all.
Individual Updates was the better way but M$ was less able to slip/backport all that 10 style spyware/telemetry into 7, 8.1 when updates came via windows update individually.