Microsoft releases emergency patches for Intel CPU vulnerabilities in Windows 10, Windows 11 and Windows Server

Intel logo

Following a security disclosure by Intel way back in June of last year about vulnerabilities affecting its processors, Microsoft has issued a series of out-of-band fixes for the flaws.

In all, Intel revealed details of four data-exposing chip flaws (CVE-2022-21123, CVE-2022-21125, CVE-2022-21127 and CVE-2022-21166) described collectively as Processor MMIO (memory-mapped I/O) Stale Data Vulnerabilities. Now Microsoft has released a total of six emergency updates for various versions of Windows 10, Windows 11 and Windows Server.

See also:


Explaining the nature of the problem, Intel says: "Processor MMIO Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO) vulnerabilities that can expose data. The sequences of operations for exposing data range from simple to very complex. Because most of the vulnerabilities require the attacker to have access to MMIO, many environments are not affected".

The company goes on to explain:

System environments using virtualization where MMIO access is provided to untrusted guests may need mitigation.

Intel Software Guard Extensions (Intel SGX) may require mitigation.

These vulnerabilities are not transient execution attacks. However, these vulnerabilities may propagate stale data into core fill buffers where the data may subsequently be inferred by an unmitigated transient execution attack.

Mitigation for these vulnerabilities includes a combination of microcode updates and software changes, depending on the platform and usage model. Some of these mitigations are similar as those used to mitigate Microarchitectural Data Sampling (MDS) or those used to mitigate Special Register Buffer Data Sampling (SRBDS).

The six updates need to manually download from the Microsoft Update Catalog. Here are the links for each of the affected operating system editions:

 Image credit: monticello / depositphotos

© 1998-2023 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.