Skip to main content

Intel Releases New Microcode Updates for old CPU Bugs

(Image credit: Shutterstock)
(Image credit: Shutterstock)

Intel on Thursday released a microcode update for the latest speculative execution flaws, such as the MDS attacks, that have affected its CPUs. The update is now available for both consumer and server versions of Windows 10 build 1903, but users must install it manually.

Vulnerability Details

The list of vulnerabilities is below:

  • CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
  • CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS)

Some of these bugs were discovered in 2018, but it wasn’t until early 2019 that Intel released the first patches, which were later revised for the following processors in the fall of 2019:

  • Apollo Lake
  • Cherry View
  • Gemini Lake
  • Haswell Desktop
  • Haswell M
  • Haswell Xeon E3
  • Valley View

Now, the company has learned that some both older and newer CPU generations were also affected, including:

  • Denverton
  • Sandy Bridge
  • Sandy Bridge E, EP
  • Valley View
  • Whiskey Lake U

Microcode updates aren’t typically installed via the Windows operating system so it’s up to users to install them. You can find download details below: 

Many of the patches that aimed to mitigate the speculative execution attacks against Intel’s processors have also led to a performance hit. The new microcode updates may be no different, but in the end they could end up critical for the security of your system. For most cases, it would be wise to update regardless of the potential performance impact.

Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.