March 30, 2018

Total Meltdown Vulnerability Explained

by: Align

There is a new critical Microsoft vulnerability being closely watched by the Information Security community. Known as “Total Meltdown,” this vulnerability only affects Windows 7 and Windows 2008 R2 machines; as a precaution, Align is notifying you of this potential threat. 

The Threat

The vulnerability was introduced in Microsoft’s January patch as part of their efforts to fix the “Meltdown” security flaw. The impact of this new vulnerability is more severe than the original. If a system is successfully exploited, malicious software can be allowed to read system memory at speeds of gigabytes per second. The malware can also gain write access to anywhere in the system, including protected kernel memory. 

In essence, this can allow an attacker to gain system-level privileges on the affected host, in addition to allowing the attacker access to sensitive information in system memory. As with the original ‘Meltdown’ vulnerability, this is not remotely exploitable. The malicious code must be run locally on the system for the vulnerability to be exploited. 

Recommendations

Align is not aware of any official response from Microsoft at this time. However, mitigation of this new vulnerability requires that the latest Microsoft security updates be applied to affected systems, as per their March 13th release. Affected systems include:

    • Windows 7 for x64-based Systems Service Pack 1
    • Windows Server 2008 R2 for x64-based Systems Service Pack 1
    • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
For additional information or questions please reach out to our Service Desk via phone +1 800-877-9980 or email itservicedesk@align.com. 

 

Continue Reading

Related Articles

★★★★★

“Align is our trusted provider for all our Managed Services and cybersecurity needs. They provide us best-in-class IT services that not only help drive productivity and growth, but ensure we meet both current and evolving compliance and security requirements with ease. As consultants to financial advisors, trust and reliability are indispensable to our operations, which is why we never hesitate to refer Align to our very own client base. Align isn’t just our partner, they are an extension of our team. We look forward to entrusting them with our IT infrastructure for years to come.”

Ed Fasano - Experienced Advisory Consultants LLC