Microsoft started releasing its Spectre and Meltdown patches at the beginning of 2018 and the company was considerate enough to release patches for Windows 7 and Windows 8.1, which still have a large user base. However, the Meltdown patch for Windows 7 reportedly introduced a major vulnerability which granted access to all data in user memory.
Frisk further explained that Microsoft’s Meltdown patches allowed all processes and applications to access all the data stored in memory, which also included data meant to be used by the operating system. “Once read/write access has been gained to the page tables it will be trivially easy to gain access to the complete physical memory, unless it is additionally protected by Extended Page Tables (EPTs) used for Virtualization,” Frisk explained. “All one has to do is to write their own Page Table Entries (PTEs) into the page tables to access arbitrary physical memory.”
