Reply to post:

Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold


The whole issue is that these fixes are silently introduced in the upstream kernel, with no mention of any security impact. Thus they don't get backported into distro kernels, or publicly announced as security issues at all.

You'd have to be at the latest upstream kernel to avoid this, not at whatever your distro considers "their kernel with latest security updates" unless the two are identical.

However, that comes with its own issues, obviously.

In any case, you should take other measures if you actually have a threat model where you might be targeted by an advanced attacker. Grsecurity, syscall lockdown for untrusted processes, etc.

All mainstream OS kernels today are pretty weak once an attacker can run code on the system.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019