Microsoft releases KB4497165 and KB4558130 microcode updates for Windows 10 to fix Intel security flaws
Earlier in the year, Intel announced that it had completed software validations on fixes for a series of security flaws affecting many of its processors discovered a couple of years ago. Now Microsoft, in conjunction with the chip-maker, released microcode updates for Windows 10 to fix these issues.
The four problems are connected to the now-infamous Spectre and Meltdown flaws from 2018. They relate to problems with the speculative execution function of many chips, and could allow for sensitive data to leak.
- Microsoft releases KB4571744 update to fix lots of Windows 10 problems
- Microsoft pushes out KB4023057 yet again to force Windows 10 feature updates
- Microsoft blocks the installation of Windows 10 version 2004 on laptops with LTE modems
Two separate updates have been released via Windows Update. Both address the same problems, but are designed for different versions of Windows 10. The KB4497165 update is for Windows 10 version 1903 (Windows 10 May 2019 Update) and version 1909 (Windows 10 November 2019 Update); the KB4558130 update is for Windows 10 version 2004 (Windows 10 May 2020 Update)
The microcode updates fix the following four security flaws:
- CVE-2019-11091– Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
- CVE-2018-12126– Microarchitectural Store Buffer Data Sampling (MSBDS)?
- CVE-2018-12127– Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2018-12130– Microarchitectural Fill Buffer Data Sampling (MFBDS)
In the case of KB4558130, Microsoft warns that the microcode update should only be installed by people whose computer have the affected processors. You can check through the fairly lengthy list here. The same warning has, oddly, not been issued for the KB4497165 update, but it's probably still worth heeding the advice and checking the list relating to this update here.