Microsoft releases emergency patches for Intel CPU vulnerabilities in Windows..

Topic

New Reply

[Alex5723]

Microsoft releases emergency patches for Intel CPU vulnerabilities in Windows 10, Windows 11 and Windows Server

Following a security disclosure by Intel way back in June of last year about vulnerabilities affecting its processors, Microsoft has issued a series of out-of-band fixes for the flaws.

In all, Intel revealed details of four data-exposing chip flaws (CVE-2022-21123, CVE-2022-21125, CVE-2022-21127 and CVE-2022-21166) described collectively as Processor MMIO (memory-mapped I/O) Stale Data Vulnerabilities. Now Microsoft has released a total of six emergency updates for various versions of Windows 10, Windows 11 and Windows Server…

https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html

The six updates need to manually download from the Microsoft Update Catalog. Here are the links for each of the affected operating system editions:

KB5019180 – Windows 10 versions 20H2, 21H2 and 22H2
KB5019177 – Windows 11 version 21H2
KB5019178 – Windows 11 version 22H2
KB5019182 – Windows Server 2016
KB5019181 – Windows Server 2019
KB5019106 – Windows Server 2022..

Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities

..An attacker who successfully exploited these vulnerabilities might be able to read privileged data across trust boundaries. In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run a specially crafted application on the target system to leverage these vulnerabilities..

Important: These vulnerabilities might affect other operating systems (Linux, Intel Macs) and service providers. We advise customers to seek guidance from their respective vendors…

Microsoft releases Windows security updates for Intel CPU flaws

• This topic was modified 2 years, 2 months ago by Alex5723.
• This topic was modified 2 years, 2 months ago by PKCano.

2 users thanked author for this post.

TechTango, fernlady

Reply | Quote

Replies

According to Intel the severity rating is medium:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html

In the above link you’ll also find this link which gives a list of the affected processors:

https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

Might be worth a read through the above info before downloading and installing the patches from the MS Catalog (which at least for the W10 patch appears to be the only way to get it).

1 user thanked author for this post.

fernlady

Reply | Quote

My CPU is older and isn’t in Intel’s list of currently supported CPUs that are vulnerable.

How do I know if it’s vulnerable? Is there a test?

Should I install Microsoft’s patch just in case?

Reply | Quote

No.  These are clearly more at risk for servers in a datacenter, not your local computer.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

KRfw6vQ

Reply | Quote

I had to go to the MS Catalog for Windows 11. Nothing came in when checking for updates.

Thought I was in the clear but I found my processor number almost to the bottom of the page.

Windows 11 Pro
Version 23H2
OS build 22631.5335

Reply | Quote

Intel consolidated affected processors table:

https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

Windows 10 Pro 22H2

Reply | Quote

In that Bleeping Computer link Alex posted above, there is some good advice, these updates were issued to folks running Windows Server 2019 and 2022. But they are manual, optional, updates for the rest of us: https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-security-updates-for-intel-cpu-flaws/

“However, according to Microsoft’s advisory, no security updates were released except mitigations applied for Windows Server 2019 and Windows Server 2022.”

“These are likely being released as optional, manual updates as the mitigations for these vulnerabilities can cause performance issues, and the flaws may not be fully resolved without disabling Intel Hyper-Threading Technology (Intel HT Technology) in some scenarios.

Therefore, it is strongly advised that you read both Intel’s and Microsoft’s advisories before applying these updates.”

Windows 10 Pro 22H2

Reply | Quote

Taking six months doesn’t sound like emergency patches to me.

Susan Bradley Patch Lady/Prudent patcher

3 users thanked author for this post.

Sky, KRfw6vQ, satrow

Reply | Quote

Susan Bradley wrote:

Taking six months doesn’t sound like emergency patches to me.

Taking 9 months. Patch pregnancy?.
I suppose these patches will arrive with March patch Tuesday.

Reply | Quote

I doubt it.  These look to be download only and if warranted.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

I downloaded KB5019178 (Windows 11 22H2) and installed it March 3, 2023 as it was applicable to my computer. I’ve seen no difficulties after installation, but others may have problems.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Anyone got CPU firmware pushed from Intel, Microsoft OEM ?

Reply | Quote

One of the latest Linux Mint updates was a CPU microcode update marked “Security”. Linux Ubuntu and Mint are keeping us up to date.

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

1 user thanked author for this post.

Alex5723

Reply | Quote