Time to rethink mandatory password changes
Microsoft may have patched Windows 10 for Meltdown, but a security researcher claims that the patch had a “fatal flaw” that undermines the purported protection. The only way to get a true fix is to update to the Windows 10 April 2018 Update, which was released earlier this week. Bleeping Computer first reported the news.
Alex Ionescu of Crowdstrike wrote on wrote on Twitter that “#Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation.”