A person known as XPN, whose blog identifies them as a hacker and infosec researcher, posted details on Monday of a working exploit that takes advantage of Total Meltdown. The source code for the Total Meltdown exploit is available on GitHub; the vulnerability itself was created when Microsoft tried to patch the initial Meltdown flaw.
XPN describes Total Meltdown as a “pretty awesome” vulnerability in that it allows “any process to access and modify page table entries.”
XPN also noted that the goal was to create an exploit that could “elevate privileges during an assessment,” but that it was meant only to help other people understand the exploitation technique, not to provide a ready-to-use attack.
Total Meltdown was created by a botched patch Microsoft issued for the original Meltdown flaw, one of the Spectre/Meltdown vulnerabilities reported earlier.
Whereas the original Meltdown flaw was read-only, Total Meltdown also provides write access. This only affects 64-bit versions of Win7 and Server 2008 R2.
See the Woody on Windows column in Computerworld, https://www.computerworld.com/article/3269003/microsoft-windows/heads-up-total-meltdown-exploit-code-now-available-on-github.
There has been a series of flawed patches and it's not pretty reading, so take time to check out the article in full.
To tell if you’re protected from Total Meltdown, you’ll have to check your patch history. If you have no patches from 2018, you should be good, according to Woody on Windows. If you do have patches and KB 4100480, 4093108, or 4093118 is among those installed, you should also be protected. Without those, Woody on Windows noted, you’ll need to roll back your machine, manually install KB 4093108, or use “Windows Update to install all of the checked April Windows patches.”
However, there is a lot more cautionary advice to read.
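
The patch-history check described above can be scripted. The following is an added example, not code from the article or from Woody on Windows. The function name `Get-TotalMeltdownStatus` and its result strings are hypothetical, and it assumes `Get-HotFix` output reflects the machine's full patch history.

```powershell
# Added example: encodes only the rule stated above (PowerShell 2.0 compatible).
$FixingKBs = 'KB4100480', 'KB4093108', 'KB4093118'   # KB numbers as listed on this page

function Get-TotalMeltdownStatus {   # hypothetical helper name
    param([object[]]$HotFixes, [string]$OsVersion, [string]$OsArchitecture)

    # Scope from the page: only 64-bit Windows 7 / Server 2008 R2 (both are NT 6.1).
    if ($OsVersion -notlike '6.1.*' -or $OsArchitecture -notlike '64*') {
        return 'NotAffected: not 64-bit Windows 7 / Server 2008 R2'
    }

    # Any one of the listed KBs is enough.
    $ids   = @($HotFixes | ForEach-Object { $_.HotFixID })
    $found = @($FixingKBs | Where-Object { $ids -contains $_ })
    if ($found.Count -gt 0) {
        return "Protected: $($found -join ', ') installed"
    }

    # InstalledOn is sometimes empty; such entries cannot be dated,
    # so they block a clean "no patches from 2018" verdict.
    $undated  = @($HotFixes | Where-Object { -not $_.InstalledOn })
    $from2018 = @($HotFixes | Where-Object {
        $_.InstalledOn -and ([datetime]$_.InstalledOn).Year -eq 2018
    })

    if ($from2018.Count -gt 0) {
        return "NeedsFix: $($from2018.Count) patch(es) from 2018, none of the listed KBs"
    }
    if ($undated.Count -gt 0) {
        return "Unknown: $($undated.Count) patch(es) without an install date"
    }
    return 'Protected: no patches from 2018 installed'
}

# Run against the local machine.
$os = Get-WmiObject Win32_OperatingSystem
Get-TotalMeltdownStatus -HotFixes @(Get-HotFix) `
    -OsVersion $os.Version -OsArchitecture $os.OSArchitecture
```

A `NeedsFix` result corresponds to the last case in the paragraph above: roll back, manually install KB 4093108, or install the checked April patches through Windows Update.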