Microsoft has released multiple patches that address a number of vulnerabilities recently discovered in some popular Intel CPUs.
The out-of-band updates addressed a total of four vulnerabilities, collectively described as “Memory Mapped I/O STale Data (MMIO) information disclosure flaws.
In other words, a threat actor could use a flaw in one virtual machine to access (sensitive) data in another virtual machine.
Access to sensitive data
The vulnerabilities are tracked as CVE-2022-21123 (Shared Buffer Data Read), CVE-2022-21125 (Shared Buffer Data Sampling), CVE-2022-21127 (Special Register Buffer Data Sampling Update), and CVE-2022-21166 (Device Registry partial writing).
“An attacker who successfully exploited these vulnerabilities may be able to read privileged data across trust boundaries,” Microsoft said in a follow-up advisory.
In shared resource environments (such as in some cloud service configurations), these vulnerabilities could allow one virtual machine to inappropriately access information from another. to exploit these vulnerabilities.”
Microsoft also said that in addition to measures for Windows Server 2019 and Windows Server 2022, no patches have ever been released. Now the Redmond giant took matters into his own hands. According to BleepingComputer, the series of updates for Windows 10, Windows 11 and Windows Server appear to be “slightly confusing”: “From the support bulletins it is unclear whether they are new Intel microcodes or other measures that will be taken.” applied to devices,” the publication explained.
To apply the patches, users must download them to their endpoints (opens in new tab) manually from the Microsoft Update Catalog. These are the labels:
- KB5019180 – Windows 10, Version 20H2, 21H2, and 22H2
- KB5019177 — Windows 11, version 21H2
- KB5019178 — Windows 11, version 22H2
- KB5019182 – Windows Server 2016
- KB5019181 – Windows Server 2019
- KB5019106 – Windows Server 2022
Updates should be applied with caution, the publication added, as they can cause performance issues and may even be ineffective without disabling Intel Hyper-Threading technology.
Via: Bleeping Computer (opens in new tab)