Windows 10 Meltdown Patch Has 'Fatal Flaw,' Update Now
Microsoft's Windows 10 Meltdown patch is flawed, but updating to the April 2018 Update can fix it.
Microsoft may have patched Windows 10 for Meltdown, but a security researcher claims that the patch had a "fatal flaw" that undermines the purported protection. The only way to get a true fix is to update to the Windows 10 April 2018 Update, which was released earlier this week. Bleeping Computer first reported the news.
Alex Ionescu of Crowdstrike wrote on Twitter that "#Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation."
The layman's explanation is that the patch still allowed access to the kernel, undermining the point of having a patch at all. In other words, you're still vulnerable to Meltdown. Exploiting the flaw requires local code execution privileges, and it occurs only on Windows 10 Build 1709, the Fall Creators Update. If you've been updating your computer over Windows Update, that's very likely the version you have right now.
Also, wanted to share this additional information as fyi -- The described technique requires local code execution privileges and is limited to Windows build 1709.
"We are aware and are working to provide customers with an update," a Microsoft spokesperson told Laptop Mag.
According to Bleeping Computer, the issue was fixed in the April 2018 major Windows 10 update that was released on Monday. This puts users in a bit of a predicament, as many like to wait until the kinks are worked out in new releases.
Additionally, you still have to manually download the new update, as it is not rolling out automatically just yet. Even then, it could take a long time for the April 2018 update to finally reach your PC.
Ionescu's point that there is "no backport" suggests that Microsoft has yet to bring the fix to older versions of Windows 10. Hopefully, we'll see a new fix on May 8, this month's Patch Tuesday.
Meltdown and another vulnerability, Spectre, were disclosed by Google's Project Zero and other researchers back in January. Meltdown affects almost every Intel processor going back to the mid-1990s, and Spectre affects many ARM and AMD processors as well. You can't currently buy a laptop or desktop without at least one of these vulnerabilities, though mitigations have come through via both operating-system and chip-firmware patches.
This article originally appeared on Laptop Mag.
Andrew E. Freedman is an editor at Tom's Hardware focusing on laptops, desktops and gaming as well as keeping up with the latest news. He holds a M.S. in Journalism (Digital Media) from Columbia University. A lover of all things gaming and tech, his previous work has shown up in Kotaku, PCMag, Complex, Tom's Guide and Laptop Mag among others.

