Data: CASIE
Negative Trigger
an
emergency
security
update
to
correct
Vulnerability-related.PatchVulnerability
a
security
update
it
issued
Vulnerability-related.PatchVulnerability
earlier
this
month
to
correct
Vulnerability-related.PatchVulnerability
a
security
update
it
issued
Vulnerability-related.PatchVulnerability
in
January
and
February
.
In
January
and
February
,
Redmond
emitted
Vulnerability-related.PatchVulnerability
fixes
for
Windows
7
and
Server
2008
R2
machines
to
counter
Vulnerability-related.PatchVulnerability
the
Meltdown
chip-level
vulnerability
in
modern
Intel
x64
processors
.
Unfortunately
,
those
patches
blew
Vulnerability-related.PatchVulnerability
a
gaping
hole
in
the
operating
systems
:
normal
applications
and
logged-in
users
could
now
access
and
modify
any
part
of
physical
RAM
,
and
gain
complete
control
over
a
box
,
with
the
updates
installed
.
Rather
than
stop
programs
and
non-administrators
from
exploiting
Meltdown
to
extract
Attack.Databreach
passwords
and
other
secrets
from
protected
kernel
memory
,
the
fixes
on
Windows
7
and
Server
2008
R2
instead
granted
full
read-write
privileges
to
system
RAM
.
Roll
on
March
,
and
Microsoft
pushed out
Vulnerability-related.PatchVulnerability
fixes
on
Patch
Tuesday
to
correct
Vulnerability-related.PatchVulnerability
those
January
and
February
updates
to
close
Vulnerability-related.PatchVulnerability
the
security
vulnerability
it
accidentally
opened
.
Except
that
March
update
did
n't
fully
seal
Vulnerability-related.PatchVulnerability
the
deal
:
the
bug
remained in
Vulnerability-related.DiscoverVulnerability
the
kernel
,
and
was
exploitable
by
malicious
software
and
users
.
Total
Meltdown
Now
,
if
you
're
using
Windows
7
or
Server
2008
R2
and
have applied
Vulnerability-related.PatchVulnerability
Microsoft
's
Meltdown
patches
,
you
'll
want
to
grab and install
Vulnerability-related.PatchVulnerability
today
's
out-of-band
update
for
CVE-2018-1038
.
Swedish
researcher
Ulf
Frisk
discovered
Vulnerability-related.DiscoverVulnerability
the
January
and
February
Meltdown
mitigations
for
Win7
and
Server
2008
R2
were
broken
,
and
went public
Vulnerability-related.DiscoverVulnerability
with
his
findings
once
the
March
Patch
Tuesday
had
kicked
off
.
As
it
turns
out
,
this
month
's
updates
did
not
fully
fix
Vulnerability-related.PatchVulnerability
things
,
and
Microsoft
has
had
to
scramble
to
remedy
Vulnerability-related.PatchVulnerability
what
was
now
a
zero-day
vulnerability
in
Windows
7
and
Server
2008
.
In
other
words
,
Microsoft
has
just
had
to
put out
Vulnerability-related.PatchVulnerability
a
patch
for
a
patch
for
a
patch
.
Hardly
inspiring
stuff
,
but
we
suppose
the
old
Microsoft
adage
remains
true
–
never
trust
a
Redmond
product
until
version
three
at
the
earliest
.
On
the
other
hand
,
writing
kernel-level
memory
management
code
is
an
absolute
bastard
at
times
,
so
you
have
to
afford
the
devs
some
sympathy
.