Microsoft released yesterday a new KB, the new KB4100480 fixes a security hole (CVE-2018-1038). The update itself is only available for x64 systems. Microsoft itself doesn’t show much, a proper changelog is – as always – missing. But that’s an old cap.
Fewer details but it fixes a critical hole
KB4100480 seems only for Windows 7, Embedded and Windows Server 2008 R2 systems, in other words weak operating systems. The CVE details are available here.
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
- Windows 7 SP1 x64: windows6.1-kb4100480-x64.msu around 22,1 MB
- Windows 7 Embedded x64 windows6.1-kb4100480-x64.msu around 22,2 MB
- Windows Server 2008 R2 x64: windows6.1-kb4100480-x64.msu around 22,1 MB
When do people learn that using older systems is always a problem, maybe never Windows XP and older operating systems seems to brand some people forever. The idea to not upgrade is so wrong but I guess we had that topic already hundred times here.
Yet again not enough information are given which seems to be an internal communication problem between developers and marketing or support page writers. That’s really not transparent enough and no one can expect to decompile every single KB in order to see and verify if MS holds what they promise or if it matches with the given changelog – in other words it’s impossible to look behind because once you’re done another KB or a replacement KB is already released.
We all only can hope that MS changes the KB articles to provide us power users with more details which are useful. Copy & Paste articles are worth nothing.