Number: AV18-054
Date: 30 March 2018
Purpose
The purpose of this advisory is to bring attention to a recently released Microsoft Security Update to which addresses failure to protect kernel memory when the Microsoft patch for the vulnerability known as Meltdown is installed.
Assessment
This advisory addresses the vulnerability by correcting how the Windows kernel handles objects in memory in various Microsoft products.
Affected Products:
- Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
CVE References: CVE-2018-1038
Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038
https://www.kb.cert.org/vuls/id/277400