Все помнят про нашумевшую интеловскую багу Meltdown? Почему я об этом написал на этом ресурсе про линукс? Потому шо лулзы, мелкософт в январе пофиксил Meltdown, и представил намного более улучшенную версию знаменитого бага, о котором мы узнали только сейчас, после трех месяцев дырищи:
A vulnerability introduced in Windows 7 by Microsoft as part of their attempts to patch the much-publicized Meltdown vulnerability was recently disclosed by Swedish security researcher Ulf Frisk in a blog post. In contrast to Meltdown, which was measured by the original researchers as being able to read kernel memory at around 120 KB/s, the newly-disclosed «Total Meltdown» vulnerability allows malicious programs to read complete system memory at speeds of gigabytes per second.
To make matters worse, it also gives complete write access to hackers, whereas the original Meltdown vulnerability was read-only, the post said. This vulnerability exists due to a programming oversight in the handling of memory mirroring for the virtual memory address space assigned when a program runs. The PML4 page table permission bit was incorrectly set to «user» instead of «supervisor.» As a result, memory that should only be accessible to the kernel was automatically mapped for every process running at user-level privileges.
In Windows 7, and Windows Server 2008 R2 (which shares the same version of the Windows kernel,) PML4 is always mapped to the address 0xFFFFF6FB7DBED000 in virtual memory, whereas Windows 10 randomizes the location of this data, the post noted. With the address known, and capable of being manipulated normally without with the use of a particular programming trick, exploiting this oversight is trivial."