Building a slide deck, pitch, or presentation? Here are the big takeaways:
- The source code for the Total Meltdown vulnerability is now on GitHub, putting 64-bit versions of Win7 and Server 2008 R2 at risk.
- Users that have the KB 4100480, 4093108 or 4093118 patches installed, or have not completed any 2018 updates, should be safe from Total Meltdown.
The source code for Total Meltdown, a vulnerability created when Microsoft tried to patch the initial Meltdown flaw, is now available on GitHub.
A person known as XPN, whose blog lists them as a hacker and infosec researcher, posted details of a working exploit that takes advantage of Total Meltdown on Monday. In addition to that blog post, the source code for the exploit is now on GitHub, too.
In the blog post, XPN describes Total Meltdown as a “pretty awesome” vulnerability in that it allows “any process to access and modify page table entries.” XPN also noted that the goal was to create an exploit that could “elevate privileges during an assessment,” but it was only to help other people understand the exploitation technique, not to create a ready-to-use attack.
SEE: System update policy (Tech Pro Research)
For those unfamiliar, Total Meltdown was originally created from a botched patch Microsoft issued for the original Meltdown flaw–of the Spectre/Meltdown fame. Whereas the original Meltdown flaw was read-only, Total Meltdown also provides write access.
If you’re worried about XPN’s exploit, or any issues with Total Meltdown, it should be noted that it only affects 64-bit versions of Win7 and Server 2008 R2. As noted by the Woody on Windows column in Computerworld, the following patches introduced Total Meltdown:
- KB 4056894
- KB 4056897
- KB 4073578
- KB 4057400
- KB 4074598
- KB 4074587
- KB 4075211
- KB 4091290
- KB 4088875
- KB 4088878
- KB 4088881
To protect against the XPN exploit, the blog noted that Microsoft’s patch for CVE-2018-1038 can be found here.
However, to tell if you’re protected from Total Meltdown, you’ll have to check your patch history. If you have no patches from 2018, you should be good, according to Woody on Windows. But if you do have patches, and have KB 4100480, 4093108, or 4093118 installed, you should also be protected. Without those, Woody on Windows noted, you’ll need to rollback your machine, manually install KB 4093108, or use “Windows Update to install all of the checked April Windows patches.”
At the time of this writing there were no exploits for Total Meltdown in the wild. However, with the code so easy to find, that might all change very soon.