Microsoft Offers Instructions to Disable Downfall Mitigations on Windows

Mitigations that patch the new Downfall vulnerability in Intel's previous Best CPUs have finally been released. Now, Microsoft has provided a method for turning off the Downfall mitigation for users that require speed over security.

To disable the Downfall mitigation, open an elevated command prompt and type the following: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 33554432 /f. 

Alternatively, you can execute the same command in the Windows Registry by heading to this location: 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, finding the value name FeatureSettingsOverride, finding the value type REG_DWORD, and inputting the hexadecimal code 0x2000000.

For this to work, you again must have the Downfall mitigation installed. Windows 10 and 11 installations must also include Windows updates released on August 22, 2023, or later. The same applies to Windows Server environments with Windows updates dated on or after September 12th, 2023. 

Downfall is a new CPU vulnerability affecting all modern Intel CPUs before its 12th Gen Alder Lake CPUs. 11th Gen Rocket Lake, 10th Gen Comet Lake, 9th Gen Coffee Lake Refresh, 8th Gen Coffee Lake, and 7th Gen Kaby Lake CPUs are all affected. The exploit takes advantage of a new transient execution attack, GDS or Gath Data Sampling, that enables attackers to steal sensitive information from a system's most secure environments, including the user kernel, processes, virtual machines, and trusted execution environments.

GDS takes advantage of an architectural vulnerability in Intel's CPUs that reveals internal hardware registers to software, allowing attackers to infer stale data from previously used vector registers. (This is similar to AMD's Zen 1 vulnerability, which utilizes exploitable CPU registers to steal sensitive data.)

According to Microsoft, the new Downfall mitigation is now available with the installation of Intel's Platform Update (IPU) 23.3 microcode update. The update will be rolled out automatically as a motherboard firmware update for OEM systems. For DIY builders, the update will be integrated into a BIOS update for your motherboard that you can install manually. (Unless your motherboard vendor has provided an automated BIOS updating process through 3rd party applications or Windows Update.)

Microsoft did not disclose how significant the CPU performance losses are with the mitigation enabled. However, it is substantial enough that Microsoft allows the mitigation to be disabled on Windows Server environments.