- Intel’s “Processors MMIO Stale Data Advisory” has reported finding security vulnerabilities in Memory Mapped I/O (MMIO) for some Intel processors, which can lead to malicious actors accessing unauthorized data.
- Microsoft has published security updates to address this problem which can only be found in the Microsoft Update Catalog instead of Windows Update and Microsoft Update as of now.
- Users of the impacted Intel processors are advised to update to Microcode Firmware Update IPU 2022.1 by Intel, which fixes these problems.
According to the Intel Processors MMIO Stale Data Advisory, there are possible security vulnerabilities in Memory Mapped I/O (MMIO) for some Intel processors. If these flaws are successfully exploited, a hacker might have the ability to read privileged data as well as gaining unauthorized access to data. Not all Intel processors are affected, to see the entire list of affected processors, click here. Microsoft has released updates to mitigate this issue with security patches.
Details and mitigation
These data exposing vulnerabilities are tracked as:
- Device Register Partial Write (DRPW) (CVE-2022-21166)
- Update to Special Register Data Sampling (SRBDS update) (CVE-2022-21127)
- Shared Buffers Data Read (SBDR) (CVE-2022-21123)
- Shared Buffers Data Sampling (SBDS) (CVE-2022-21125)
Users of the impacted Intel processors are advised to update to the most recent firmware available from the system manufacturer in order to resolve these problems. Updates to the firmware (microcode) and software are necessary to receive full protection. Intel has released microcode updates for the affected Intel processors that are currently supported on the public github repository. However, it might take some time for the fixed microcode to arrive in your system through BIOS updates, depending on the manufacturer of the motherboards.
To mitigate the vulnerability, Microsoft has released optional updates which can only be found in the Microsoft Update Catalogue as of now. Users will not see the updates in Windows Update and Microsoft Update as Microsoft reports they can cause performance issues.
- For Windows Server 2022, click here.
- For Windows 10, click here.
- For Windows 11, version 21H2, click here.
- For Windows 11, version 22H2, click here.
- For Windows Server 2019, click here.
- For Windows Server 2016, click here.
As always, it is recommended to keep all devices up to date to avoid vulnerabilities and possible attacks.