Report: 'Meltdown' Patch Did More Harm than Good for Windows 7 -- Redmond Channel Partner

Bekker's Blog by Scott Bekker, Editor in Chief

Report: 'Meltdown' Patch Did More Harm than Good for Windows 7

Patches that were released in January to protect Windows 7 from the Meltdown flaw may have opened an even worse can of worms for the OS, according to one security researcher.

Ulf Frisk, a security researcher who specializes in direct memory access (DMA) attacks, described the problem this week in a blog post called "Total Meltdown?"

The January patch was intended to address the Meltdown flaw in Intel, IBM POWER and ARM-based processors that emerged in January and theoretically allows a rogue process to read all memory on a system.

"[The patch] stopped Meltdown but opened up a vulnerability way worse...It allowed any process to read the complete memory contents at gigabytes per second, oh -- it was possible to write to arbitrary memory as well," wrote Frisk, who is the author of the PCILeech memory access attack toolkit, and who described himself in a DEFCON 24 presentation in 2016 as a penetration tester specializing in online banking security and working in Stockholm, Sweden.

**[Click on image for larger view.]** Using his PCILeech tool, researcher Ulf Frisk demonstrates the speed of memory dumping from Windows 7 with the January patches at 4GB/s (left). The dump speed is slightly slower when dumping the memory to disk (right). (Image source: Ulf Frisk)

"No fancy exploits were needed. Windows 7 already did the hard work of mapping in the required memory into every running process. Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or syscalls required -- just standard read and write," Frisk said.

The flaw does not affect Windows 10 or Windows 8, according to Frisk.

The problem appears to have been introduced by the Windows 7 patches released in January, during the industrywide scramble to address the Meltdown and related Spectre flaws whose existence was revealed slightly ahead of schedule. Some of the first-generation patches caused reboot and slowdown issues, among other problems.

Frisk said the subsequent March patch for Windows 7 fixed the flaw, and he discovered the problem after the March patch was released.

Posted by Scott Bekker on March 28, 2018

Featured

Nutanix Partner Central Rolls Out To Boost Channel Engagement

Nutanix on Wednesday launched a new platform, Partner Central, to give its channel partners a unified digital workspace for managing sales, tracking incentives and collaborating more effectively.
Veeam Releases Data Cloud for MSPs, Targets SaaS Protection at Scale

Veeam is expanding its footprint in the managed services arena with the global launch of Veeam Data Cloud for Managed Service Providers (MSPs).
The Era of Windows 10 (and Some Office and Skype Editions) Officially Comes to an End

Microsoft has formally withdrawn support for Windows 10 as of Oct. 14, 2025, bringing the curtain down on one of its most widely adopted operating systems.
Microsoft Builds AI Agent To Help Its Own Employees Navigate Licensing

Microsoft has rolled out an internal AI agent dubbed "Licensing Navigator" to help its own users answer complex licensing questions, promising to improve response times by nearly 90 percent.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Bekker's Blog by Scott Bekker, Editor in Chief

Report: 'Meltdown' Patch Did More Harm than Good for Windows 7

Featured

Nutanix Partner Central Rolls Out To Boost Channel Engagement

Veeam Releases Data Cloud for MSPs, Targets SaaS Protection at Scale

The Era of Windows 10 (and Some Office and Skype Editions) Officially Comes to an End

Microsoft Builds AI Agent To Help Its Own Employees Navigate Licensing

Nutanix Partner Central Rolls Out To Boost Channel Engagement

MIT Finds Only 1 in 20 AI Investments Translate into ROI

Microsoft To Standardize Online Services Pricing for Volume Licensing

Veeam Releases Data Cloud for MSPs, Targets SaaS Protection at Scale

Microsoft Appoints Althoff as New CEO for Commercial Business

Nutanix Partner Central Rolls Out To Boost Channel Engagement

MIT Finds Only 1 in 20 AI Investments Translate into ROI

Microsoft To Standardize Online Services Pricing for Volume Licensing

Veeam Releases Data Cloud for MSPs, Targets SaaS Protection at Scale

Microsoft Appoints Althoff as New CEO for Commercial Business

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Veeam Data Cloud for Microsoft 365

Coffee Talk | MSP Security Playbook: Threat Detection, Response and Beyond

Coffee Talk | Next-Gen Threat Management: A Unified Approach for MSPs

Veeam Simplified: The Easy Button for MSPs Protecting Microsoft 365

FREE WHITE PAPERS FROM OUR SPONSORS

The Easy Button eBook: Simplicity of SaaS-Based Backup for Microsoft 365

H1 2025 Threat Landscape Report

The Real Gap in Traditional EDR Security

3 Signs It's Time to Consolidate Your Stack