Microsoft 's patches for the Meltdown vulnerability have had a fatal flaw all these past months , according to Alex Ionescu , a security researcher with cyber-security firm Crowdstrike . Only patches for Windows 10 versions were affected Vulnerability-related.DiscoverVulnerability , the researcher wrote today in a tweet . Microsoft quietly fixed Vulnerability-related.PatchVulnerability the issue on Windows 10 Redstone 4 ( v1803 ) , also known as the April 2018 Update , released Vulnerability-related.PatchVulnerability on Monday . `` Welp , it turns out Vulnerability-related.PatchVulnerability the Meltdown patches for Windows 10 had a fatal flaw : calling NtCallEnclave returned back to user space with the full kernel page table directory , completely undermining the mitigation , '' Ionescu wrote . Microsoft issued Vulnerability-related.PatchVulnerability today an security update , but it was n't to backport the `` fixed '' Meltdown patches for older Windows 10 versions . Instead , the emergency update fixed Vulnerability-related.PatchVulnerability a vulnerability in the Windows Host Compute Service Shim ( hcsshim ) library ( CVE-2018-8115 ) that allows an attacker to remotely execute code on vulnerable systems . Microsoft classified Vulnerability-related.DiscoverVulnerability CVE-2018-8115 as a `` critical '' issues . A patched hcsshim file is available Vulnerability-related.PatchVulnerability for download from GitHub . `` We are aware and are working to provide Vulnerability-related.PatchVulnerability customers with an update , '' a Microsoft spokesperson told Bleeping Computer today in an email . It may be that if Microsoft does n't bundle these fixes in an out-of-band update , they will most likely arrive Vulnerability-related.PatchVulnerability in Microsoft 's May 2018 Patch Tuesday , but this is only our speculation . Microsoft released Vulnerability-related.PatchVulnerability its Meltdown and Spectre patches on January 4 , a day after security researchers disclosed Vulnerability-related.DiscoverVulnerability the two flaws , vulnerabilities that allow attackers to retrieve data from protected areas of modern CPUs . The Redmond-based OS maker has had a hard time patching Vulnerability-related.PatchVulnerability the two flaws , and the company recently issued Vulnerability-related.PatchVulnerability additional security updates to fix Vulnerability-related.PatchVulnerability the original Spectre mitigations , and also deliver Vulnerability-related.PatchVulnerability Intel CPU microcode updates , as a favor to Intel .

The messages included ASCII art depicting robots and warned that the printers had been compromised and they were part of a botnet . The hacker , who uses the online alias Stackoverflowin , later said that the botnet claim was not true and that his efforts served only to raise awareness about the risks of leaving printers exposed to the internet . Stackoverflowin claims to be a high-school student from the U.K. who is interested in security research . He said that Vulnerability-related.DiscoverVulnerability for the most part he simply sent print jobs using the Line Printer Daemon ( LPD ) , the Internet Printing Protocol ( IPP ) and the RAW protocol on communications port 9100 to printers that did n't require authentication . However , he also claims to have exploited Vulnerability-related.DiscoverVulnerability an undisclosed remote command execution ( RCE ) vulnerability in the web management interface of Xerox printers . The hacker estimates that up to 150,000 printers were affected Vulnerability-related.DiscoverVulnerability by his effort , but claims to Vulnerability-related.DiscoverVulnerability have access to more RCE flaws that he did n't use and which would have allowed him to print to over 300,000 printers . As printers around the world started printing the hacker 's rogue messages on Friday , affected users took to Twitter to report the problem . From the photos they posted , it appears that many of the printers were part of point-of-sale systems . The issue of publicly exposed printers is not new and has been exploited Vulnerability-related.DiscoverVulnerability before to print rogue and sometimes offensive messages . However , the issue was renewed last week when researchers from Ruhr-University Bochum in Germany published a paper Vulnerability-related.DiscoverVulnerability on different attacks against network printers and an assessment of 20 printer models .