Security researcher Ulf Frisk reports that patches to handle the Meltdown processor flaw on Windows 7 (64-bit) and Windows Server 2008 R2 machines crafted a far greater vulnerability. He claims a new flaw allows any way to read everything stored in memory "at gigabytes per second." In addition it allows begin enlarging write to arbitrary memory without "fancy exploits."
"Windows 7 already did tough work of mapping while in the required memory into every running process," Frisk states. "Exploitation was simply a matter of read to already mapped in-process virtual memory. No fancy APIs or system calls required - just standard read!"
Because of the volume of data saved in memory may be very large and complicated, Windows PCs track data using addresses on virtual and physical "maps" or "pages." The reported problem resides which also has a four-level in-memory page table hierarchy the processor's Memory Management Unit uses to translate the virtual addresses of internet data into physical addresses stored in the system memory.
As documented in Frisk, Windows 7 and Windows Server 2008 R2 feature a self-referencing entry onpage Map Level 4 (PML4) in virtual memory by way of a fixed address. This address is only made available to the operating system's lowest, safest level: The kernel. Only processes which includes a "supervisor" permission have access to that fact address as well as the data in this particular table.
But Microsoft's Meltdown patches released at the start of 2018 set the permission to "user." Is the right all processes and applications can access all data placed in memory, even data only intended to be used by the operating system.
"Once read/write access has been gained about the page tables it's trivially easy to gain access into your complete physical memory, unless it is also protected by Extended Page Tables (EPTs) put to use in Virtualization," Frisk writes. "All one must do is generally to write their own personal Page Table Entries (PTEs) throughout the page tables to access arbitrary physical memory."
To prove this discovery, Frisk added a strategy to exploit the vulnerability - a memory acquisition device - within PCLeech direct memory access toolkit. However when you're trying to test the vulnerability for the Windows 7 or Windows Server 2008 R2 machine updated on March Patch Tuesday, you're at a complete loss. Microsoft switched the PML4 permission straight into "supervisor" as part of the company's blanket of security fixes for any month.
The memory problem surfaced after Microsoft distributed its Meltdown and Spectre security fixes from your January Patch Tuesday update. Windows 7 (64-bit) and Windows Server 2008 R2 machines together with the February Patch Tuesday updates are frequently vulnerable. Devices with Windows 10 and Windows 8.1 might not be vulnerable.
In any event, Windows 7 and Windows Server 2008 R2 devices owners must update their machines with more recent patches distributed in March. But Frisk notes he or she discovered the vulnerability after Microsoft's March Patch Tuesday update, that has not been able to "correlate the vulnerability to known CVEs or some other known issues."
:: بازدید از این مطلب : 1001
|
امتیاز مطلب : 0
|
تعداد امتیازدهندگان : 0
|
مجموع امتیاز : 0