News 2 min read

Microsoft’s Meltdown became a Total Meltdown

5 minutes Windows 7, Windows 8 Microsoft’s attempts to fix Meltdown flaw turned into Total Meltdown on Windows 7 Microsoft made windows 7 more vulnerable It’s not a secret that Windows 7 is the main target of ransomware and malware. The unsupported operating system was the most affected OS by WannaCry ransomware last year. However, […]

Microsoft made windows 7 more vulnerable
0 Comments
5 minutes Windows 7, Windows 8

Microsoft’s attempts to fix Meltdown flaw turned into Total Meltdown on Windows 7

Microsoft made windows 7 more vulnerable
Microsoft made windows 7 more vulnerable

It’s not a secret that Windows 7 is the main target of ransomware and malware. The unsupported operating system was the most affected OS by WannaCry ransomware last year. However, Microsoft provided patches and security feature due to the high usage of the OS.

Unfortunately, not all Microsoft’s attempts to do good for the customers end up as expected. Recently, the independent security researcher from Sweeden Ulf Frisk discovered that company’s attempt to fix Meltdown hardware vulnerability made the situation even worse.

Microsoft introduced Meltdown patch for Windows 7 in January which was supposed to fix the flaw that allowed attackers to read kernel memory. However, goodwill became a “Total Meltdown,” because the company left a mug that let malware not only reading, but overwriting memory too.

The “Total Meltdown” made machines with Windows 7 (x86-64 versions) and Server 2008 R2 (with the 2018-01 or 2018-02 patches) even less secure that they have been before. Meanwhile, Windows 8, 8.1 and 10 are not affected by this issue.

Total Meltdown opened new opportunities to the attackers

Originally, Meltdown vulnerability allowed attackers to read the kernel information due to issues with PML4 page table permissions. The total Meltdown flaw made the memory not only readable but writable as well. Hence, attackers can do anything if they manage to hack into a device.

This brand new Windows security hole allows malicious programs, or any user who has access to a vulnerable computer can get administrator privileges, manipulate memory map of the OS, access or overwrite information in RAM. It goes without saying that passwords and other personal information can be stolen easily as well.

Additionally, Meltdown vulnerability allowed reading memory at 120 KB/s speed. However, the Total Meltdown gave more speed. Now reading, stealing, and modifying kernel information is possible in GB/s speed.

Windows 7 users should patch OS immediately

As soon as the issue has been reported, Microsoft released emergency security updated to fix the Total Meltdown which was released with security updates in January and February. Users are urged to install CVE-2018-1038 vulnerability which fixed the security issue:

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
[Source: Microsoft Security TechCenter]

The patch is issued via Windows Update. However, if you have disabled automatic updates, you should download it from the Microsoft’s Update Catalog.

Did this fix work for you?
Linas Kiguolis

Written by

Co-founder & Tech Lead
System architecture Performance optimization Browser troubleshooting Network issues Software conflicts

Linas Kiguolis is co-founder of uGetFix and the platform's technical lead. With over a decade of experience in Windows systems, web infrastructure, and browser performance, he shapes the technical direction of the site and personally validates complex multi-step fixes. Linas has a background in software engineering and applies that rigour to troubleshooting guides — ensuring every recommended step is tested, reproducible, and safe. His areas of focus include system performance degradation, browser-level failures, software conflicts, and network connectivity issues affecting Windows users.

0 Comments

Be the first to comment

Still worried? Run a free check.

Paste any URL or domain — we'll scan it against 4.2M known threats in 10 seconds.

View full scanner → Add to your website →