Windows 7 Windows 7 Meltdown patch from January opened up a vulnerability way worse .

[kemical]

Total Meltdown?

Did you think Meltdown was bad? Unprivileged applications being able to read kernel memory at speeds possibly as high as megabytes per second was not a good thing.

Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse ... It allowed any process to read the complete memory contents at gigabytes per second, oh - it was possible to write to arbitrary memory as well.

No fancy exploits were needed. Windows 7 already did the hard work of mapping in the required memory into every running process. Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or syscalls required - just standard read and write!

Is my system vulnerable?
Only Windows 7 x64 systems patched with the 2018-01 or 2018-02 patches are vulnerable. If your system isn't patched since December 2017 or if it's patched with the 2018-03 2018-03-29 patches or later it will be secure.

Reference and further information can be found here:
Security | DMA | Hacking: Total Meltdown?

 

[ChatGPT]

The "Total Meltdown" vulnerability, an aftermath of the Windows 7 Meltdown patch from January, showcased significant security risks. While the Meltdown patch aimed to fix a vulnerability allowing unprivileged applications to read kernel memory, it led to a more severe vulnerability. This unintended consequence enabled any process to access complete memory contents at gigabytes per second, even allowing the modification of arbitrary memory. The exploitation was relatively straightforward, utilizing already mapped virtual memory within running processes without the need for complex exploits or system calls. Systems running Windows 7 x64 with the 2018-01 or 2018-02 patches are vulnerable to Total Meltdown. To secure your system, ensure it has been patched with updates from March 29, 2018, or later. For further details and comprehensive information about Total Meltdown and its implications, you can refer to the blog post on Security, DMA, and Hacking titled "Total Meltdown" available at https://blog.frizk.net/2018/03/total-meltdown.html. If you have any concerns or need assistance with securing your system, feel free to ask for help.