X

Tech

Home Tech Security

IT must patch against Total Meltdown now: The source code is on GitHub

A patch for Meltdown created an even bigger flaw for 64-bit Win7 and Server 2008 R2. Now, it's freely available.

Written by Conner Forrest, Contributor April 26, 2018 at 6:11 a.m. PT

The source code for Total Meltdown, a vulnerability created when Microsoft tried to patch the initial Meltdown flaw, is now available on GitHub.

A person known as XPN, whose blog lists them as a hacker and infosec researcher, posted detailsof a working exploit that takes advantage of Total Meltdown on Monday. In addition to that blog post, the source code for the exploit is now on GitHub, too.

In the blog post, XPN describes Total Meltdown as a "pretty awesome" vulnerability in that it allows "any process to access and modify page table entries." XPN also noted that the goal was to create an exploit that could "elevate privileges during an assessment," but it was only to help other people understand the exploitation technique, not to create a read-to-use attack.

SEE: System update policy (Tech Pro Research)

For those unfamiliar, Total Meltdown was originally created from a botched patch Microsoft issued for the original Meltdown flaw--of the Spectre/Meltdown fame. Whereas the original Meltdown flaw was read-only, Total Meltdown also provides write access.

If you're worried about XPN's exploit, or any issues with Total Meltdown, it should be noted that it only affects 64-bit versions of Win7 and Server 2008 R2. As noted by the Woody on Windows column in Computerworld, the following patches introduced Total Meltdown:

KB 4056894
KB 4056897
KB 4073578
KB 4057400
KB 4074598
KB 4074587
KB 4075211
KB 4091290
KB 4088875
KB 4088878
KB 4088881

To protect against the XPN exploit, the blog noted that Microsoft's patch for CVE-2018-1038 can be found here.

However, to tell if you're protected from Total Meltdown, you'll have to check your patch history. If you have no patches from 2018, you should be good, according to Woody on Windows. But if you do have patches, and have KB 4100480, 4093108, or 4093118 installed, you should also be protected. Without those, Woody on Windows noted, you'll need to rollback your machine, manually install KB 4093108, or use "Windows Update to install all of the checked April Windows patches."

At the time of this writing there were no exploits for Total Meltdown in the wild. However, with the code so easy to find, that might all change very soon.

Also see:

Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)
Meltdown-Spectre amplifies call for new hardware-software contract (ZDNet)
Fileless malware: The smart person's guide (TechRepublic)
Meltdown and Spectre response hampered by 'exclusive club' secrecy (ZDNet)
Total Meltdown: How Microsoft's Meltdown patch created an even bigger flaw for hackers(TechRepublic)

This article was originally published on TechRepublic.

Editorial standards

Show Comments

Related

Curtains in a bedroom

The best soundproof curtains you can buy

Jessica Rosenworcel, Chairwoman of the Federal Communications Commission

The FCC restores net neutrality - here's what it means for the internet

Image of two hands holding a phone while turning on the VPN

The best mobile VPNs: Expert tested