Microsoft says it has addressed a recent vulnerability through an Intel microcode update. The release is specifically for older versions of Windows 10 that are open to Microarchitectural Data Sampling (MDS) attack.
The flaw has been recently disclosed and affect the Intel CPUs running in non-supported Windows 10 builds. Intel revealed the problem recently and said it was working with partners on a solution:
“Intel has worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop platform firmware and software updates that can help protect systems from these methods. This includes the release of updated Intel microprocessor microcode to our customers and partners.”
Microsoft has been cleaning up this flaw recently, including issuing four patched to cover four MDS speculative execution side-channel vulnerabilities. The new Intel microcode updates shore up older Windows 10 versions through Microsoft’s update Catalog:
“KB4494175 applies to Windows Server 2016, Windows 10, version 1607; KB4494452 applies to Windows 10, version 1709; KB4494453 applies to Windows 10, version 1703; and KB4494454 applies to Windows 10 RTM.”
If an attacker exploited the MDS flaws, they could take data from Intel CPUs and gain access to processes. Microsoft says such an attack on computers connected to the cloud would allow bad actors to access machines without permission.
Update Details
Cloud providers have acted to protect users from the attacks, and Microsoft is now working on fixing personal PCs. The company says dozens of Intel CPUs are affected, including the chipmakers newest 9th generation Core processors.
“This update also includes Intel microcode updates that were already released for these operating systems at the time of release to manufacturing (RTM),” it adds.
Microsoft also tells users and network administrators to avoid installing these updates until they have checked with Intel and device manufacturers to see what their plans are for the microcode problem.