Microsoft has released out-of-band security updates for "Memory Mapped I/O Stale Data (MMIO)" information disclosure vulnerabilities in Intel CPUs.
The Mapped I/O side-channel vulnerabilities were originally disclosed by Intel on June 14th, 2022, warning that the flaws could allow processes running in a virtual machine to access data from another virtual machine.
This class of vulnerabilities is tracked under the following CVEs:
CVE-2022-21123 - Shared Buffer Data Read (SBDR)
CVE-2022-21125 - Shared Buffer Data Sampling (SBDS)
CVE-2022-21127 - Special Register Buffer Data Sampling Update (SRBDS Update)
CVE-2022-21166 - Device Register Partial Write (DRPW)
As part of the June Patch Tuesday, Microsoft also published ADV220002 with information on the types of scenarios that these vulnerabilities could impact.
"An attacker who successfully exploited these vulnerabilities might be able to read privileged data across trust boundaries," explained Microsoft.
"In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another."
"In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run a specially crafted application on the target system to leverage these vulnerabilities."
However, according to Microsoft's advisory, no security updates were released except mitigations applied for Windows Server 2019 and Windows Server 2022.
Microsoft has released a somewhat confusing set of security updates for Windows 10, Windows 11, and Windows Server that address these vulnerabilities.
From the support bulletins, it's unclear if they're new Intel microcodes or other mitigations that will be applied to devices.
These updates are being released as manual updates in the Microsoft Update Catalog:
KB5019180 - Windows 10, version 20H2, 21H2, and 22H2
KB5019177 - Windows 11, version 21H2
KB5019178 - Windows 11, version 22H2
KB5019182 - Windows Server 2016
KB5019181 - Windows Server 2019
KB5019106 - Windows Server 2022
These are likely being released as optional, manual updates as the mitigations for these vulnerabilities can cause performance issues, and the flaws may not be completely resolved without disabling Intel Hyper-Threading Technology (Intel HT Technology) in some scenarios.
Therefore, it's strongly advised that you read both Intel's and Microsoft's advisories before applying these updates.