Microsoft is fixing a load of serious Intel CPU security flaws

News
By Sead Fadilpašić
published

Fixes should be applied with caution, Microsoft warns

An image of security icons for a network encircling a digital blue earth.
(Image credit: Shutterstock)

Microsoft has released multiple patches addressing a number of vulnerabilities recently discovered in some popular Intel CPUs.

The out-of-band updates addressed a total of four vulnerabilities, cumulatively described as “Memory Mapped I/O STale Data (MMIO) information disclosure flaws.

In other words, a threat actor could use a flaw in a virtual machine to access (sensitive) data in a different virtual machine.

Accessing sensitive data

The vulnerabilities are being tracked as CVE-2022-21123 (Shared Buffer Data Read), CVE-2022-21125 (Shared Buffer Data Sampling), CVE-2022-21127 (Special Register Buffer Data Sampling Update), and CVE-2022-21166 (Device Register Partial Write).

"An attacker who successfully exploited these vulnerabilities might be able to read privileged data across trust boundaries," Microsoft said in a follow-up advisory. 

"In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run a specially crafted application on the target system to leverage these vulnerabilities."

Read more

> Intel reveals a whole load of hardware security issues, so patch now

> Latest Intel CPUs have 'impossible to fix' security flaw

> These are the best malware protections right now

Microsoft also said that besides mitigations for Windows Server 2019 and Windows Server 2022, no patches were ever released. Now, the Redmond giant took matters into its own hands. However, according to BleepingComputer, the set of updates for Windows 10, Windows 11, and Windows Server, seem to be “somewhat confusing”: “From the support bulletins, it is unclear if they are new Intel microcodes or other mitigations that will be applied to devices,” the publication explained.

To apply the patches, users need to download them to their endpoints manually from the Microsoft Update Catalog. These are the labels: 

  • KB5019180 - Windows 10, version 20H2, 21H2, and 22H2
  • KB5019177 - Windows 11, version 21H2
  • KB5019178 - Windows 11, version 22H2
  • KB5019182 - Windows Server 2016
  • KB5019181 - Windows Server 2019
  • KB5019106 - Windows Server 2022

Updates should be applied with caution, the publication added, as they can cause performance issues and might even be ineffective without disabling Intel Hyper-Threading Technology. 

Via: BleepingComputer

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.