Microsoft has launched out-of-band safety updates for ‘Memory Mapped I/O Stale Data (MMIO)’ info disclosure vulnerabilities in Intel CPUs.
The Mapped I/O side-channel vulnerabilities had been initially disclosed by Intel on June 14th, 2022, warning that the issues might enable processes working in a digital machine to entry knowledge from one other digital machine.
This class of vulnerabilities is tracked underneath the next CVEs:
- CVE-2022-21123 – Shared Buffer Data Read (SBDR)
- CVE-2022-21125 – Shared Buffer Data Sampling (SBDS)
- CVE-2022-21127 – Special Register Buffer Data Sampling Update (SRBDS Update)
- CVE-2022-21166 – Device Register Partial Write (DRPW)
As a part of the June Patch Tuesday, Microsoft additionally revealed ADV220002 with info on the sorts of situations that these vulnerabilities might impression.
“An attacker who efficiently exploited these vulnerabilities would possibly have the ability to learn privileged knowledge throughout belief boundaries,” defined Microsoft.
“In shared useful resource environments (equivalent to exists in some cloud companies configurations), these vulnerabilities might enable one digital machine to improperly entry info from one other.”
“In non-browsing situations on standalone programs, an attacker would want prior entry to the system or a capability to run a specifically crafted software on the goal system to leverage these vulnerabilities.”
However, in accordance with Microsoft’s advisory, no safety updates had been launched besides mitigations utilized for Windows Server 2019 and Windows Server 2022.
Microsoft has launched a considerably complicated set of safety updates for Windows 10, Windows 11, and Windows Server that handle these vulnerabilities.
From the help bulletins, it’s unclear if they’re new Intel microcodes or different mitigations that might be utilized to gadgets.
These updates are being launched as handbook updates within the Microsoft Update Catalog:
These are possible being launched as non-compulsory, handbook updates because the mitigations for these vulnerabilities may cause efficiency points, and the issues might not be absolutely resolved with out disabling Intel Hyper-Threading Technology (Intel HT Technology) in some situations.
Therefore, it’s strongly suggested that you simply learn each Intel’s and Microsoft’s advisories earlier than making use of these updates.