Microsoft today issued Vulnerability-related.PatchVulnerability an emergency security update to correct Vulnerability-related.PatchVulnerability a security update it issued Vulnerability-related.PatchVulnerability earlier this month to correct Vulnerability-related.PatchVulnerability a security update it issued Vulnerability-related.PatchVulnerability in January and February . In January and February , Redmond emitted Vulnerability-related.PatchVulnerability fixes for Windows 7 and Server 2008 R2 machines to counter Vulnerability-related.PatchVulnerability the Meltdown chip-level vulnerability in modern Intel x64 processors . Unfortunately , those patches blew Vulnerability-related.PatchVulnerability a gaping hole in the operating systems : normal applications and logged-in users could now access and modify any part of physical RAM , and gain complete control over a box , with the updates installed . Rather than stop programs and non-administrators from exploiting Meltdown to extract Attack.Databreach passwords and other secrets from protected kernel memory , the fixes on Windows 7 and Server 2008 R2 instead granted full read-write privileges to system RAM . Roll on March , and Microsoft pushed out Vulnerability-related.PatchVulnerability fixes on Patch Tuesday to correct Vulnerability-related.PatchVulnerability those January and February updates to close Vulnerability-related.PatchVulnerability the security vulnerability it accidentally opened . Except that March update did n't fully seal Vulnerability-related.PatchVulnerability the deal : the bug remained in Vulnerability-related.DiscoverVulnerability the kernel , and was exploitable by malicious software and users . Total Meltdown Now , if you 're using Windows 7 or Server 2008 R2 and have applied Vulnerability-related.PatchVulnerability Microsoft 's Meltdown patches , you 'll want to grab and install Vulnerability-related.PatchVulnerability today 's out-of-band update for CVE-2018-1038 . Swedish researcher Ulf Frisk discovered Vulnerability-related.DiscoverVulnerability the January and February Meltdown mitigations for Win7 and Server 2008 R2 were broken , and went public Vulnerability-related.DiscoverVulnerability with his findings once the March Patch Tuesday had kicked off . As it turns out , this month 's updates did not fully fix Vulnerability-related.PatchVulnerability things , and Microsoft has had to scramble to remedy Vulnerability-related.PatchVulnerability what was now a zero-day vulnerability in Windows 7 and Server 2008 . In other words , Microsoft has just had to put out Vulnerability-related.PatchVulnerability a patch for a patch for a patch . Hardly inspiring stuff , but we suppose the old Microsoft adage remains true – never trust a Redmond product until version three at the earliest . On the other hand , writing kernel-level memory management code is an absolute bastard at times , so you have to afford the devs some sympathy .

Microsoft today issued Vulnerability-related.PatchVulnerability an emergency security update to correct Vulnerability-related.PatchVulnerability a security update it issued Vulnerability-related.PatchVulnerability earlier this month to correct Vulnerability-related.PatchVulnerability a security update it issued Vulnerability-related.PatchVulnerability in January and February . In January and February , Redmond emitted Vulnerability-related.PatchVulnerability fixes for Windows 7 and Server 2008 R2 machines to counter Vulnerability-related.PatchVulnerability the Meltdown chip-level vulnerability in modern Intel x64 processors . Unfortunately , those patches blew Vulnerability-related.PatchVulnerability a gaping hole in the operating systems : normal applications and logged-in users could now access and modify any part of physical RAM , and gain complete control over a box , with the updates installed . Rather than stop programs and non-administrators from exploiting Meltdown to extract Attack.Databreach passwords and other secrets from protected kernel memory , the fixes on Windows 7 and Server 2008 R2 instead granted full read-write privileges to system RAM . Roll on March , and Microsoft pushed out Vulnerability-related.PatchVulnerability fixes on Patch Tuesday to correct Vulnerability-related.PatchVulnerability those January and February updates to close Vulnerability-related.PatchVulnerability the security vulnerability it accidentally opened . Except that March update did n't fully seal Vulnerability-related.PatchVulnerability the deal : the bug remained in Vulnerability-related.DiscoverVulnerability the kernel , and was exploitable by malicious software and users . Total Meltdown Now , if you 're using Windows 7 or Server 2008 R2 and have applied Vulnerability-related.PatchVulnerability Microsoft 's Meltdown patches , you 'll want to grab and install Vulnerability-related.PatchVulnerability today 's out-of-band update for CVE-2018-1038 . Swedish researcher Ulf Frisk discovered Vulnerability-related.DiscoverVulnerability the January and February Meltdown mitigations for Win7 and Server 2008 R2 were broken , and went public Vulnerability-related.DiscoverVulnerability with his findings once the March Patch Tuesday had kicked off . As it turns out , this month 's updates did not fully fix Vulnerability-related.PatchVulnerability things , and Microsoft has had to scramble to remedy Vulnerability-related.PatchVulnerability what was now a zero-day vulnerability in Windows 7 and Server 2008 . In other words , Microsoft has just had to put out Vulnerability-related.PatchVulnerability a patch for a patch for a patch . Hardly inspiring stuff , but we suppose the old Microsoft adage remains true – never trust a Redmond product until version three at the earliest . On the other hand , writing kernel-level memory management code is an absolute bastard at times , so you have to afford the devs some sympathy .

Microsoft today issued Vulnerability-related.PatchVulnerability an emergency security update to correct Vulnerability-related.PatchVulnerability a security update it issued Vulnerability-related.PatchVulnerability earlier this month to correct Vulnerability-related.PatchVulnerability a security update it issued Vulnerability-related.PatchVulnerability in January and February . In January and February , Redmond emitted Vulnerability-related.PatchVulnerability fixes for Windows 7 and Server 2008 R2 machines to counter Vulnerability-related.PatchVulnerability the Meltdown chip-level vulnerability in modern Intel x64 processors . Unfortunately , those patches blew Vulnerability-related.PatchVulnerability a gaping hole in the operating systems : normal applications and logged-in users could now access and modify any part of physical RAM , and gain complete control over a box , with the updates installed . Rather than stop programs and non-administrators from exploiting Meltdown to extract Attack.Databreach passwords and other secrets from protected kernel memory , the fixes on Windows 7 and Server 2008 R2 instead granted full read-write privileges to system RAM . Roll on March , and Microsoft pushed out Vulnerability-related.PatchVulnerability fixes on Patch Tuesday to correct Vulnerability-related.PatchVulnerability those January and February updates to close Vulnerability-related.PatchVulnerability the security vulnerability it accidentally opened . Except that March update did n't fully seal Vulnerability-related.PatchVulnerability the deal : the bug remained in Vulnerability-related.DiscoverVulnerability the kernel , and was exploitable by malicious software and users . Total Meltdown Now , if you 're using Windows 7 or Server 2008 R2 and have applied Vulnerability-related.PatchVulnerability Microsoft 's Meltdown patches , you 'll want to grab and install Vulnerability-related.PatchVulnerability today 's out-of-band update for CVE-2018-1038 . Swedish researcher Ulf Frisk discovered Vulnerability-related.DiscoverVulnerability the January and February Meltdown mitigations for Win7 and Server 2008 R2 were broken , and went public Vulnerability-related.DiscoverVulnerability with his findings once the March Patch Tuesday had kicked off . As it turns out , this month 's updates did not fully fix Vulnerability-related.PatchVulnerability things , and Microsoft has had to scramble to remedy Vulnerability-related.PatchVulnerability what was now a zero-day vulnerability in Windows 7 and Server 2008 . In other words , Microsoft has just had to put out Vulnerability-related.PatchVulnerability a patch for a patch for a patch . Hardly inspiring stuff , but we suppose the old Microsoft adage remains true – never trust a Redmond product until version three at the earliest . On the other hand , writing kernel-level memory management code is an absolute bastard at times , so you have to afford the devs some sympathy .

Microsoft has seen Vulnerability-related.DiscoverVulnerability its share of issues as of late , and now a seemingly simple patch is causing serious issues to certain laptops running the 2016 Anniversary Update . The update was originally released Vulnerability-related.PatchVulnerability to prevent a zero-day attack on IE . Per Microsoft , this was the issue being fixed Vulnerability-related.PatchVulnerability : A remote code execution vulnerability exists in Vulnerability-related.DiscoverVulnerability the way that the scripting engine handles objects in memory in Internet Explorer . The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user . An attacker who successfully exploited Vulnerability-related.DiscoverVulnerability the vulnerability could gain the same user rights as the current user . If the current user is logged on with administrative user rights , an attacker who successfully exploited Vulnerability-related.DiscoverVulnerability the vulnerability could take control of an affected system . An attacker could then install programs ; view , change , or delete data ; or create new accounts with full user rights . In a web-based attack scenario , an attacker could host a specially crafted website that is designed Attack.Phishing to exploit the vulnerability through Internet Explorer and then convince Attack.Phishing a user to view the website , for example , by sending Attack.Phishing an email . The security update addresses Vulnerability-related.PatchVulnerability the vulnerability by modifying how the scripting engine handles objects in memory . But now that fix is causing a pretty big problem of its own : it ’ s preventing certain laptops from booting . The affected machines are part of a pretty small bunch—only Lenovo laptops with less than 8 GB of RAM running the 2016 Anniversary Update ( 1607 ) —but it ’ s still a pretty bad problem to have . Fortunately , there ’ s a way to bypass the failed boot by restarting into the UEFI and disabling Secure Boot . It ’ s also noted that if BitLocker is enabled that you may have to go through BitLocker recovery after disabling Secure Boot . On the upside , Microsoft is working with Lenovo to correct Vulnerability-related.PatchVulnerability the issue and will release Vulnerability-related.PatchVulnerability a fix sometime in the future . I just wouldn ’ t count on it before the end of the year . Until then , be careful when updating devices , especially if they happen to be Lenovo laptops with limited RAM .