Windows 7 users! After Meltdown comes Total Meltdown!

[Skybird]

https://www.computerworld.com/articl...mentation.html

Thank you Microsoft, for making it so easy not to hate you:

Quote:

KB 4100480 kicked off the two days from patching purgatory with a Windows 7/Server 2008R2 kernel update for CVE-2018-1038, the “Total Meltdown” bug Microsoft introduced in Win7 back in January. Total Meltdown, you may recall, is a huge security hole implemented by all of these Microsoft security patches:

• KB 4056894 Win7/Server 2008 R2 January Monthly Rollup.
• KB 4056897 Win7/Server 2008 R2 January Security-only patch.
• KB 4073578 Hotfix for “Unbootable state for AMD devices in Windows 7 SP1. and Windows Server 2008 R2 SP1” bug installed in the January Monthly Rollup and Security-only patches.
• KB 4057400 Win7/Server 2008 R2 Preview of the February Monthly Rollup.
• KB 4074598 Win7/Server 2008 R2 February Monthly Rollup.
• KB 4074587 Win7/Server 2008 R2 February Security-only patch.
• KB 4075211 Win7/Server 2008 R2 Preview of the March Monthly Rollup.
• KB 4091290 Hotfix for “smart card based operations fail with error with SCARD_E_NO_SERVICE” bug installed in the February Monthly Rollup.
• KB 4088875 Win7/Server 2008 R2 March Monthly Rollup.
• KB 4088878 Win7/Server 2008 R2 March Security-only patch.
• KB 4088881 Win7/Server 2008 R2 Preview of April Monthly Rollup.

If you installed any of those 11 patches on your Intel 64-bit Windows 7/Server 2008 R2 computer, you opened up a gaping hole known as “Total Meltdown,” or CVE-2018-1038, that allows any program running on your computer to run in kernel mode. Yes, any program that’s running can read or write into any part of memory.

Microsoft infected all of those machines to defend against the professionally marketed Meltdown/Spectre vulnerability, which has never, ever been seen in the wild. Kevin Beaumont (@GossiTheDog on Twitter) said it best:

The amazing thing is Meltdown is academic research, which is realistically very difficult to do at scale (ie nobody has managed it) whereas this introduced issue is trivial to exploit — even I can do. And I’m thick.

Vess Bontchev goes on to say:

The single bug this [KB 4100480] update fixes is catastrophic. Basically a bug that negates the fundamental security protections of the OS and returns it to the times of MS-DOS.

Ulf Frisk, the guy who discovered this gaping security hole, said last Wednesday that the March Monthly Rollup, KB 4088875, plugs the hole. The next day he said that, oops, the March Monthly Rollup doesn’t fix the hole. Microsoft has now confirmed that the March Monthly Rollup actually introduces the hole.

(...)

I can recall lots of bad Windows patches over the past couple of decades, but I’d be hard-pressed to come up with any that approach this year’s phalanx of Windows 7 screw-ups. It’s as if Microsoft doesn’t care about old multi-billion-dollar businesses.

For now, I continue to recommend that individuals stay put and don’t install any of the March patches. For enterprises, follow Bradley’s advice and roll back to December if you have users with indiscriminate clicking fingers.

Hip hip hooray. These days many people at Microsoft, from programmers to managers and decision makers, obviously have no clue anymore of what they are doing.

[Rockin Robbins]

Oh my! Maybe it's a good thing that I can't get my computer to boot a DVD.....

[BarracudaUAK]

Quote:

Originally Posted by Rockin Robbins

Oh my! Maybe it's a good thing that I can't get my computer to boot a DVD.....

Still having trouble with your new system?

Barracuda

[aanker]

Does the GWX control panel monitor still perform its function of preventing Win 7 being upgraded to Win 10 or is it obsolete now?

Although no Windows updates show in that window I think Microsoft was trying to force my Win 7 to go out so I would have to update to Win 10. Luckily I have a Recovery partition that I ran to recover my Win 7 and boot to desktop ability.

I've scanned for problems with more than one anti-virus malware program and I'm clean, but occasionally I'll have to boot more than once to get in. I think Microsoft is trying to throw a monkey wrench into Win 7 computers that are plugged in. Before this began I backed up to portable Hard Drives so I have duplicate files of my important things.

Time has come to completely disconnect from the internet with my Win 7 computers and buy a cheap something for internet access.

[Skybird]

MS started to throw plenty of other garbage at W7 already long time ago, GWX now is obsolete, I think. W7 is succesfully messed up.

You are right in a way, this is high time to disconnect WINDOWS from the internet. Use a Linux-based system for everything you do. Use a physically disconnected second system for your Windows-based gaming/simming - AND NOTHING MORE.

Windows 7 is no longer a safe haven from getting "telemetridized", but is a technical mess with plenty of very seriously bugged patches destroying it since over a year, and resistence to Microsoft is completely corrupted ." Imperial troops have entered the base... Imperial troops have ent..."

MS has no more busines sinterest in Windows anyway, lets face it. It cost them money, but does not generate income they wanted. Its a data collector that sells you, the owner, as the product. The real business of MS now lies somewhere else, in the cloud and swerver market. Windows as an Os is just a burden for MS. Thats why you can wait for all eternity for MS getting their homework done. In fact they are deconstructing their personell infrastructure to support it competently - and do so since two years, no, longer.

It will not get better, guys. It will just go from bad to worse, from worse to worst. Windows dies hard, but it dies. MS does not want it anymore, other than just a data collector.