Did you hear about the newest bug in Windows 7, introduced by the Meltdown patches that Microsoft implemented? Accidentally leaving the Page-Map Level 4 (PML4) as user?

A simple user-space application that tried to read a kernel address should’ve crashed, how about this for a basic test, Microsoft?

#include <stdio.h>
  
int main() {
	volatile unsigned long *ptr = (volatile unsigned long *)0xFFFFF6FB7DBED000;
	printf("%lu\n", *ptr);
	return 0;
}

Compile with Cygwin and run. If it doesn’t crash, the new Windows 7 Meltdown bug is present.

The real question is, I guess, how do you accidentally make PML4 user. Oh, and if you’re wondering why this only affects Windows 7, it’s easy: parts of the memory management code were rewritten for Windows 10 so that the location of the page tables could be randomized.

Have fun.