Are Windows OS user programs vulnerable to Spectre and the other recent Intel flaws? Wouldn't the virtual memory assignment in Windows prevent such attacks, or their usefulness? Sorry if I miss something, the attacks seem complex, and not even deterministic.
Asked
Active
Viewed 169 times
-3
-
3All major modern OS use virtual memory and Windows is no different to this. Also, Meltdown is exactly about bypassing some protections offered by virtual memory. *"I haven't found time (or even interest to make time)"* - there are enough information out there so that you don't need to read the technical papers. And, this is not a site for providing information just because the OP was too lazy to do some own research. If it does not seem to really interest you then why even ask? – Steffen Ullrich Jan 11 '18 at 08:12
1 Answers
2
Virtual addressing does not make spectre or meltdown more difficult to exploit. All of the proof of concept exploits have been performed on systems with virtual addressing. Virtual addressing by itself is not a security feature, it's merely a convenience for multitasking OS.
Page permissions are intended to provide isolation between different processes and between user-space and kernel-space, but the whole problem with Meltdown is that it provides a mechanism for leaking information across that boundary.
Rendition Infosec has built a nice slide deck describing the vulnerabilities and their implications in a condensed format.
David
- 15,814
- 3
- 48
- 73