Microsoft releases Home windows safety updates for Intel CPU flaws

Posted on By No Comments on Microsoft releases Home windows safety updates for Intel CPU flaws
Technology

[ad_1]

Microsoft Windows

Microsoft has launched out-of-band safety updates for ‘Reminiscence Mapped I/O Stale Information (MMIO)’ info disclosure vulnerabilities in Intel CPUs.

The Mapped I/O side-channel vulnerabilities had been initially disclosed by Intel on June 14th, 2022, warning that the issues may permit processes operating in a digital machine to entry knowledge from one other digital machine.

This class of vulnerabilities is tracked beneath the next CVEs:

  • CVE-2022-21123 – Shared Buffer Information Learn (SBDR) 
  • CVE-2022-21125 – Shared Buffer Information Sampling (SBDS)
  • CVE-2022-21127 – Particular Register Buffer Information Sampling Replace (SRBDS Replace)
  • CVE-2022-21166 – System Register Partial Write (DRPW)

As a part of the June Patch Tuesday, Microsoft additionally revealed ADV220002 with info on the sorts of situations that these vulnerabilities may impression. 

“An attacker who efficiently exploited these vulnerabilities would possibly be capable of learn privileged knowledge throughout belief boundaries,” defined Microsoft.

“In shared useful resource environments (equivalent to exists in some cloud companies configurations), these vulnerabilities may permit one digital machine to improperly entry info from one other.”

“In non-browsing situations on standalone methods, an attacker would want prior entry to the system or a capability to run a specifically crafted software on the goal system to leverage these vulnerabilities.”

Nevertheless, in accordance with Microsoft’s advisory, no safety updates had been launched besides mitigations applied for Windows Server 2019 and Windows Server 2022.

Microsoft has launched a considerably complicated set of safety updates for Home windows 10, Home windows 11, and Home windows Server that tackle these vulnerabilities. 

From the help bulletins, it’s unclear if they’re new Intel microcodes or different mitigations that shall be utilized to units.

These updates are being launched as guide updates within the Microsoft Replace Catalog:

These are possible being launched as non-compulsory, guide updates because the mitigations for these vulnerabilities may cause efficiency points, and the issues is probably not totally resolved with out disabling Intel Hyper-Threading Expertise (Intel HT Expertise) in some situations.

Subsequently, it’s strongly suggested that you simply learn each Intel’s and Microsoft’s advisories earlier than making use of these updates.

[ad_2]

Source_link

You may also like

Technology
SCARLETEEL hackers use superior cloud abilities to steal supply code, knowledge
March 1, 2023
Technology
Bitwarden flaw can let hackers steal passwords utilizing iframes
March 8, 2023
Technology
X reportedly assessments eradicating headlines from hyperlinks to information articles
August 22, 2023
Technology
Burton Snowboards cancels on-line orders after ‘cyber incident’
February 16, 2023

Leave a Reply

Your email address will not be published. Required fields are marked *