Intel on Thursday released a microcode update for the latest speculative execution flaws, such as the MDS attacks, that have affected its CPUs. The update is now available for both consumer and server versions of Windows 10 build 1903, but users must install it manually.
Vulnerability Details
The list of vulnerabilities is below:
- CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
- CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS)
Some of these bugs were discovered in 2018, but it wasn’t until early 2019 that Intel released the first patches, which were later revised for the following processors in the fall of 2019:
- Apollo Lake
- Cherry View
- Gemini Lake
- Haswell Desktop
- Haswell M
- Haswell Xeon E3
- Valley View
Now, the company has learned that some both older and newer CPU generations were also affected, including:
- Denverton
- Sandy Bridge
- Sandy Bridge E, EP
- Valley View
- Whiskey Lake U
Microcode updates aren’t typically installed via the Windows operating system so it’s up to users to install them. You can find download details below:
- Windows 10 version 1903/1909: KB497165
- Windows 10 version 1809: KB4494174
- Windows 10 version 1803: KB4494451
- Windows 10 version 1709: KB4494452
- Windows 10 version 1703: KB4494453
- Windows 10 Version 1607: KB4494175
- Windows 10 Version 1507: KB4494454
Many of the patches that aimed to mitigate the speculative execution attacks against Intel’s processors have also led to a performance hit. The new microcode updates may be no different, but in the end they could end up critical for the security of your system. For most cases, it would be wise to update regardless of the potential performance impact.
