Microsoft Releases Interim Patch for Windows 7 and Server 2008 R2
Microsoft has released a patch that addresses vulnerabilities in the x64 editions of Windows 7 and Windows Server 2008 R2. These are the vulnerabilities that Microsoft introduced in, among other things, the Meltdown updates from January and February.
Microsoft reports that the kernel update labeled CVE-2018-1038 resolves a user privilege elevation vulnerability in Windows 7 x64 and Server 2008 R2 x64. This is a vulnerability that systems will have to deal with if they have implemented an update in or after January.
Microsoft lists the updates that introduced the vulnerability, including the security updates that counteract Meltdown and the update that was supposed to prevent the problems of AMD systems with that Meltdown patch.
The vulnerability in Windows 7 x64 and Server 2008 R2 x64 came to light this week. It turned out to be possible to read and write the memory with user-level rights. According to the discoverer, Microsoft would have closed the leak in the March update, but from the list that Microsoft is now publishing, it seems that this was not the case. Additionally, the March update caused issues that many users may have skipped.