Windows emergency security updates for systems with Intel CPUs

Microsoft has released emergency security updates for the “Memory Mapped I/O Stale Data (MMIO)” information disclosure vulnerabilities in Intel processors.

Mapped I/O side-channel security vulnerabilities were originally revealed by Intel on June 14, 2022, warning that they could allow processes running in one virtual machine to access data from another virtual machine.

This class of vulnerabilities is tracked with the following CVEs:

CVE-2022-21123 – Shared Buffer Data Read (SBDR)
CVE-2022-21125 – Shared Buffer Data Sampling (SBDS)
CVE-2022-21127 – Update special register cache data sampling (SRBDS Update)
CVE-2022-21166 – Device Registration Partial Record (DRPW)

According to Microsoft, no security updates have been released for these vulnerabilities except for a few fixes implemented for Windows Server 2019 and Windows Server 2022.

Today Microsoft released a somewhat confusing set of security updates for Windows 10, Windows 11, and Windows Server that address these vulnerabilities.

From the support bulletins, it is not clear if these are new Intel updates or other mitigations that will be applied to the devices.

These updates are released as manual updates in the Microsoft Update Catalog:

The above updates may be released as optional, with manual updates, but vulnerabilities may cause performance issues. Security vulnerabilities may not be fully resolved without disabling Intel Hyper-Threading Technology (Intel HT Technology) in some cases.

Therefore, it is recommended that you read the advice from both Intel and Microsoft before applying the updates.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.097 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).