Skip to main content

Intel Releases New Microcode Updates for old CPU Bugs

(Image credit: Shutterstock)
(Image credit: Shutterstock)

Intel on Thursday released a microcode update for the latest speculative execution flaws, such as the MDS attacks, that have affected its CPUs. The update is now available for both consumer and server versions of Windows 10 build 1903, but users must install it manually.

Vulnerability Details

The list of vulnerabilities is below:

  • CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
  • CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS)

Some of these bugs were discovered in 2018, but it wasn’t until early 2019 that Intel released the first patches, which were later revised for the following processors in the fall of 2019:

  • Apollo Lake
  • Cherry View
  • Gemini Lake
  • Haswell Desktop
  • Haswell M
  • Haswell Xeon E3
  • Valley View

Now, the company has learned that some both older and newer CPU generations were also affected, including:

  • Denverton
  • Sandy Bridge
  • Sandy Bridge E, EP
  • Valley View
  • Whiskey Lake U

Microcode updates aren’t typically installed via the Windows operating system so it’s up to users to install them. You can find download details below: 

Many of the patches that aimed to mitigate the speculative execution attacks against Intel’s processors have also led to a performance hit. The new microcode updates may be no different, but in the end they could end up critical for the security of your system. For most cases, it would be wise to update regardless of the potential performance impact.

  • Beetlebox
    Some of these bugs were discovered in 2018, but it wasn’t until early 2019 that Intel released the first patches, which were later revised for the following processors in the fall of 2019:
    Apollo Lake
    Cherry View
    Gemini Lake
    Haswell Desktop
    Haswell M
    Haswell Xeon E3
    Valley View

    I don't get it, please help me understand. The revised SA00233 was published in June and none of the microcode patches in KB4497165 (1909 x64) are newer than May 2019 with most that are pertinent to SA00233 being from Feb 2019 to Apr 2019 with the exception of Apollo Lake and Gemini Lake which date back to 2018.

    Now there have been microcode patches released in the fall of 2019 such as for Kaby Lake Y / U which as of 3rd Oct 2019 is 22 revisions higher than that in KB4497165.
    Reply