Microsoft releases emergency patches for Intel CPU vulnerabilities in Windows 10, Windows 11 and Windows Server
Following a security disclosure by Intel way back in June of last year about vulnerabilities affecting its processors, Microsoft has issued a series of out-of-band fixes for the flaws.
In all, Intel revealed details of four data-exposing chip flaws (CVE-2022-21123, CVE-2022-21125, CVE-2022-21127 and CVE-2022-21166) described collectively as Processor MMIO (memory-mapped I/O) Stale Data Vulnerabilities. Now Microsoft has released a total of six emergency updates for various versions of Windows 10, Windows 11 and Windows Server.
Explaining the nature of the problem, Intel says: "Processor MMIO Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO) vulnerabilities that can expose data. The sequences of operations for exposing data range from simple to very complex. Because most of the vulnerabilities require the attacker to have access to MMIO, many environments are not affected".
The company goes on to explain:
System environments using virtualization where MMIO access is provided to untrusted guests may need mitigation.
Intel Software Guard Extensions (Intel SGX) may require mitigation.
These vulnerabilities are not transient execution attacks. However, these vulnerabilities may propagate stale data into core fill buffers where the data may subsequently be inferred by an unmitigated transient execution attack.
Mitigation for these vulnerabilities includes a combination of microcode updates and software changes, depending on the platform and usage model. Some of these mitigations are similar to those used to mitigate Microarchitectural Data Sampling (MDS) or those used to mitigate Special Register Buffer Data Sampling (SRBDS).
The six updates need to be downloaded manually from the Microsoft Update Catalog. Here are the links for each of the affected operating system editions:
- KB5019180 - Windows 10 versions 20H2, 21H2 and 22H2
- KB5019177 - Windows 11 version 21H2
- KB5019178 - Windows 11 version 22H2
- KB5019182 - Windows Server 2016
- KB5019181 - Windows Server 2019
- KB5019106 - Windows Server 2022
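As an added example (not part of the article and not Microsoft's own tooling), the following PowerShell script picks the update from the list above that applies to the local host and reports whether it is already installed. It assumes the standard OS build numbers for the editions named (19042/19044/19045 for Windows 10 20H2/21H2/22H2, 22000 and 22621 for Windows 11 21H2/22H2, and 14393/17763/20348 for Server 2016/2019/2022); the build-to-KB table is constructed from the article's list.

```powershell
# Added example: map this host's OS build to the out-of-band KB listed in the
# article and check whether it is installed. The build numbers are assumed
# (standard release builds), the KB numbers come from the article.
$kbByBuild = @{
    19042 = 'KB5019180'; 19044 = 'KB5019180'; 19045 = 'KB5019180'   # Windows 10 20H2/21H2/22H2
    22000 = 'KB5019177'                                              # Windows 11 21H2
    22621 = 'KB5019178'                                              # Windows 11 22H2
    14393 = 'KB5019182'                                              # Windows Server 2016
    17763 = 'KB5019181'                                              # Windows Server 2019
    20348 = 'KB5019106'                                              # Windows Server 2022
}

# BuildNumber is returned as a string, e.g. "19045"; cast it for the hashtable lookup.
$build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber
$expectedKb = $kbByBuild[$build]

if (-not $expectedKb) {
    Write-Output "Build $build is not one of the editions covered by these six updates."
    return
}

# Get-HotFix reads Win32_QuickFixEngineering, where cumulative updates are normally listed.
$installed = Get-HotFix -Id $expectedKb -ErrorAction SilentlyContinue

if ($installed) {
    Write-Output "$expectedKb is installed (InstalledOn: $($installed.InstalledOn))."
} else {
    Write-Output "$expectedKb is NOT installed on build $build; fetch it from the Microsoft Update Catalog."
}
```

Once a later cumulative update containing the same fix has been installed, the host may list only that newer KB, so a "NOT installed" result is a prompt to check the update history rather than proof that the mitigation is absent.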