
CPU bug patch saga: Antivirus tools caught with their hands in the Windows cookie jar

posted on January 10, 2018
by l33tdawg

Microsoft's workaround to protect Windows computers from the Intel processor security flaw dubbed Meltdown has revealed the rootkit-like nature of modern security tools.

Some anti-malware packages are incompatible with Redmond's Meltdown patch, released last week, because the tools make, according to Microsoft, “unsupported calls into Windows kernel memory,” crashing the system with a blue screen of death. In extreme cases, systems fail to boot up when antivirus packages clash with the patch.

The problem arises because the Meltdown patch involves moving the kernel into its own private virtual memory address space. Usually, operating systems such as Windows and Linux map the kernel into the top region of every user process's virtual memory space. The kernel is marked invisible to the running programs, although due to the Meltdown design oversight in Intel's modern chips, its memory can still be read by applications. This is bad because it means programs can siphon off passwords and other secrets held in protected kernel memory.
