Jare (5 days ago):

I went to check when the bug had been patched, and was left wanting. I, however, lack the expertise to really appreciate how much danger exists in practice, or for whom. I just know I do have Win11 24H2 and "This leak primitive is particularly useful for Windows versions 24H2 or later".
bri3d (5 days ago), replying to Jare:

The information leak in this bug is particularly useful for Windows 24H2 and later only because _prior_ to 24H2, there were immensely simpler methods that made the protection this bypasses (KASLR) completely useless anyway. And KASLR is still mostly useless due to the prefetch exploit linked elsewhere in the thread. So, it's not that this bug is a _bigger_ problem on Win11 24H2, it's that there were so many _other_ problems prior to Win11 24H2 that nobody would bother with this bug in the first place. You have nothing to worry about from being on Win11 24H2 specifically when it comes to this bug.

And: this is an information leak bug. No danger exists in practice for anyone from this bug alone. It erodes one very weak layer of a defense-in-depth strategy. It could have been used as part of a chain of exploits to provide the attacker with information (the kernel slide) that they needed, but it just provides a meaningless memory address on its own.
Ethee (5 days ago), replying to Jare:

If you follow the CVE link included (https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...), it would seem this was patched in the Aug 12 security patch rollout.
MattSteelblade (5 days ago), replying to Jare:

This type of exploit is useful as part of a chain of exploits; it defeats a defense-in-depth protection.