A new vulnerability dubbed “Total Meltdown” was discovered last month after Microsoft issued patches to fix the previous Meltdown vulnerabilities.
According to security researchers, Total Meltdown affects 64-bit versions of Windows 7 and Server 2008 R2.
Total Meltdown is much more serious since it gives hackers complete read/write access to memory at native speeds (e.g., gigabytes per second). This compares to the original Meltdown that allowed malicious apps read access to memory at slower speeds (e.g., 120 KB/s).
The issues were since patched by Microsoft. However, now the source code for Total Meltdown vulnerability exploit has been published on GitHub. A hacker/researcher known as XPN also posted details on the Total Meltdown exploit on a blog on Monday, TechRepublic reports.
Now that the XPN exploit code is out in the wild, administrators should double-check to make sure all of of their Windows 7 and Server 2008 R2 (64 bit) desktops and servers have been fully patched to include April patches.
See Microsoft security advisory that addresses the Total Meltdown and Windows Kernel Elevation of Privilege Vulnerability (CVE-2018-1038).
It will likely be a matter of time before the exploit code will be used for new exploits of unpatched systems in the wild.