Intel And Microsoft Send Warning About Windows Vulnerability

Intel And Microsoft Send Warning About Windows Vulnerability


After the publication of the new microcode updates, Intel has also published the security notices. This security notice addresses newly discovered CPU vulnerabilities that can affect Intel Core processors. It also contains sensitive data. We’ve already covered the “MMIO Stale Data Vulnerabilities” Intel CPU vulnerabilities. Microsoft and Intel now follow up on the key details of these vulnerabilities and explain how they can be exploited.

I/O Memory Alloted

These vulnerabilities relate to the memory-mapped I/O – MMIO short – of a CPU. They are collectively referred as “MMIO stable information vulnerabilities”. After successfully exploiting the vulnerabilities, a threat actor can access privileged information stored on the victim’s computer.

These vulnerabilities were assigned the following CVE numbers.

  • CVE-2022-21123: Shared Read Buffer data (SBDR).
  • CVE-2022-21125 – Common buffer data sample (SBDS)
  • CVE-2022-21127: Update of the Special Register for Buffer Data Sampling. (SRBDS Update).
  • CVE-2022-21166: Partial Write of Device Registers

Intel explains this error as follows: “MMIO steal data vulnerabilities” are a group of memory-mapped I/O vulnerabilities (MMIO) that can leak data. A processor core can read or write MMIO. The transaction is typically performed using non-cacheable memory types. It is forwarded to the uncore. Malicious actors may use uncore buffers or mapped registers to store data from multiple hardware threads within the same physical processor core.

Some attack scenarios may involve stale data already in a buffer. In other attacks scenarios, malicious actors could access microarchitecture data storage location leaks. Microsoft’s new Security Advisor ADV220002 describes potential attack scenarios and recommends that you import the updates as soon possible.

Intel And Microsoft Send Warning About Windows Vulnerability
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Popular

To Top