Meltdown and Spectre were the biggest inventions of the security flaws to date. They simply shook the world of cyber security to the roots. These are caused by hardware issues of the modern chipsets. Microsoft has released patches for these bugs, but the patches itself are in danger now.
Recently, a serious vulnerability has been found in the Microsoft patch for Meltdown. For a quick reminder, meltdown removes the barrier of memory and allows access to other apps’ memory locations unauthorized. You can check out the original nature of Meltdown here.
According to Alex Ionescu, a security researcher from cyber-security firm Crowdstrike, the patch allowed bypassing the security barrier and take the advantage of the chipset flaws for stealing information. Almost all the Microsoft Windows 10 versions are infected with the vulnerability, except the latest Windows 10 Redstone 4 (v1803). It seems like Microsoft has fixed the vulnerability in the latest update.
Old Windows 10 systems are still running the bypass-able patch for Meltdown. Instead of backporting the update faster, Microsoft has released another new update for the Windows Host Computer Service Shim (hcsshim) library flaw (CVE-2018-8155) that allowed a hacker execute remote code in the vulnerable system. The updated version of the “hcsshim” is available on GitHub.
How to Stay Secured
If you’re a Windows 10 user, make sure to update to the latest version – v1803. Microsoft is already working with the backport updates. According to our assumption, the patch may arrive in May 2018 Patch Tuesday, but it’s just a speculation.