Microsoft has released emergency security updates for the “Memory Mapped I/O Stale Data (MMIO)” information disclosure vulnerabilities in Intel processors.
The Mapped I/O side-channel vulnerabilities were originally disclosed by Intel on June 14, 2022, with a warning that they could allow processes running in one virtual machine to access data from another virtual machine.
This class of vulnerabilities is tracked with the following CVEs:
- CVE-2022-21123 – Shared Buffers Data Read (SBDR)
- CVE-2022-21125 – Shared Buffers Data Sampling (SBDS)
- CVE-2022-21127 – Special Register Buffer Data Sampling Update (SRBDS Update)
- CVE-2022-21166 – Device Register Partial Write (DRPW)
According to Microsoft, no security updates have been released for these vulnerabilities except for a few fixes implemented for Windows Server 2019 and Windows Server 2022.
Today Microsoft released a somewhat confusing set of security updates for Windows 10, Windows 11, and Windows Server that address these vulnerabilities.
From the support bulletins, it is not clear if these are new Intel updates or other mitigations that will be applied to the devices.
These updates are released as manual updates in the Microsoft Update Catalog:
- KB5019180 – Windows 10, versions 20H2, 21H2, and 22H2
- KB5019177 – Windows 11, version 21H2
- KB5019178 – Windows 11, version 22H2
- KB5019182 – Windows Server 2016
- KB5019181 – Windows Server 2019
- KB5019106 – Windows Server 2022
The above updates may have been released as optional, manual updates because the mitigations for these vulnerabilities may cause performance issues. In some cases, the vulnerabilities may not be fully resolved without disabling Intel Hyper-Threading Technology (Intel HT Technology).
Therefore, it is recommended that you read the advice from both Intel and Microsoft before applying the updates.