While Spectre was more problematic due to Intel’s faulty patch, it was thought the Meltdown fix was more straightforward. However, security researcher Alex Ionescu says Microsoft’s Meltdown patch for Windows has a “fatal flaw”. Microsoft sent out the patch in January, among the first to react to Meltdown and Spectre. Unfortunately, Ionescu suggests there has been an underpinning problem with that patch. So much so, the mitigation has been pointless: “Welp, it turns out the #Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation.” Perhaps the most interesting aspect here is that Microsoft has seemingly known about this problem. The company has been fixing it quietly behind closed doors. You may remember Intel and companies like Microsoft and Apple withheld Meltdown and Spectre from the public domain. The tech giants wanted time to create mitigations, but that decision has been widely criticized. Microsoft would argue this was different. However, users believed they were protected against Meltdown when they actually weren’t.
Windows 10 April 2018 Update Fix
Whether your pissed about that or not, Microsoft has now fixed the issue. Windows 10 April 2018 Update appears to have a resolution to the problem. That means users upgrading to the latest Windows update will be protected. That in itself presents two big problems: Regarding the second point, Microsoft is reported to be working on fixing other Windows 10 versions. Patch Tuesday for May is coming next week, so we expect the company to at least confirm this problem and when a fix is coming.