[ad_1]

MicrosoftWindows

Microsoft has released out of band security updates for Memory Mapped I/O Stale Data (MMIO) Information Disclosure Vulnerabilities in Intel processors.

The mapped I/O side channel vulnerabilities were initially disclosed by Intel on June 14, 2022, warning that the flaws could allow processes running in one virtual machine to access data in another virtual machine.

This class of vulnerabilities is tracked by the following CVEs:

  • CVE-2022-21123 – Read shared buffer data (SBDR)
  • CVE-2022-21125 – Sampling shared buffer data (SBDS)
  • CVE-2022-21127 – Special register buffer data sampling update (SRBDS update)
  • CVE-2022-21166 – Partial device register write (DRPW)

As a member of June Patch TuesdayMicrosoft has also released ADV220002 with information about the types of scenarios these vulnerabilities could impact.

“An attacker who successfully exploited these vulnerabilities might be able to read privileged data across trust boundaries,” Microsoft explained.

“In shared resource environments (as there are in some cloud service configurations), these vulnerabilities could allow one virtual machine to inappropriately access another’s information.”

“In non-navigation scenarios on autonomous systems, an attacker would need prior system access or the ability to run a specially crafted application on the target system to exploit these vulnerabilities.”

However, according to Microsoft’s notice, no security updates have been released except for mitigations applied for Windows Server 2019 and Windows Server 2022.

Microsoft has released a somewhat confusing set of security updates for Windows 10, Windows 11, and Windows Server that address these vulnerabilities.

From the support bulletins, it is unclear whether these are new Intel microcodes or other mitigations that will be applied to the devices.

These updates are released as manual updates in the Microsoft Update Catalog:

These are likely released as optional manual updates, as mitigations for these vulnerabilities may cause performance issues, and the flaws may not be fully resolved without disabling Intel Hyper-Threading Technology (Intel HT Technology) in some scenarios.

Therefore, it is strongly advised to read Intel and Microsoft advisories before applying these updates.

[ad_2]

Source link