Microsoft is warning of a newly disclosed security flaw named “Downfall.” Tracked as CVE-2022-40982, the flaw is a transient execution attack affecting Intel CPUs. Microsoft has acknowledged the issue and published mitigation guidance for users of Windows 10, Windows 11, and Windows Server.
Details on the Vulnerability
Microsoft has identified a transient execution attack termed gather data sampling (GDS) or “Downfall.” This vulnerability could potentially be exploited to deduce data from affected CPUs across various security boundaries, including user-kernel, processes, virtual machines (VMs), and trusted execution environments. For further insights into this vulnerability, one can refer to the INTEL-SA-00828 security advisory and CVE-2022-40982.
Steps for Mitigation
Microsoft has emphasized the importance of addressing this vulnerability promptly. The company has provided a mitigation that is enabled by default, with an option for users to disable it if they choose. To counteract the vulnerability associated with CVE-2022-40982, users are advised to install the Intel Platform Update (IPU) 23.3 microcode update. This update can typically be obtained from the original equipment manufacturer (OEM). Notably, Intel's latest products, including Alder Lake, Raptor Lake, and Sapphire Rapids, have built-in defenses and are not affected by this vulnerability.
Option to Disable the Mitigation
For those who do not consider GDS a threat in their environment, Microsoft has provided an option to turn off the mitigation. However, it's important to note that disabling the mitigation while Hyper-V (virtualization) is enabled is not covered by the current implementation. To deactivate the GDS mitigation in Windows, certain prerequisites must be met, including having specific Windows updates installed. Once these conditions are satisfied, users can set a feature flag in the registry to disable the mitigation.
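Before touching the feature flag, an administrator will want to know which inputs the decision depends on: the CPU model (the article notes Alder Lake, Raptor Lake and Sapphire Rapids are unaffected), the microcode revision currently loaded, the OS build (the prerequisite Windows updates), and whether a hypervisor is running (the article says the disable path is not supported with Hyper-V on). The following read-only audit script is an added example written for this post; it is not Microsoft's code or part of its guidance. The `Win32_*` CIM classes and the `HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0` key are standard Windows locations; the feature-flag key and value name are placeholders, because the article does not state them, and must be replaced with the path from Microsoft's own guidance.

```powershell
# Added example (not from the article): read-only audit of the facts that decide
# whether the GDS ("Downfall") mitigation applies on this Windows host.
# Nothing here changes any setting.

$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$cs  = Get-CimInstance -ClassName Win32_ComputerSystem

# Microcode revision as recorded by Windows. 'Update Revision' is REG_BINARY;
# it is shown as raw hex so that no byte-order assumption is baked in.
$cpuKey   = 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
$ucode    = (Get-ItemProperty -Path $cpuKey -ErrorAction SilentlyContinue).'Update Revision'
$ucodeHex = if ($ucode) { ($ucode | ForEach-Object { $_.ToString('x2') }) -join '' } else { 'unknown' }

# PLACEHOLDER: the article does not name the registry location of the GDS
# feature flag. Substitute the key and value name from Microsoft's guidance.
$flagKey  = 'HKLM:\PLACEHOLDER\GdsMitigationKey'
$flagName = 'PLACEHOLDER_FeatureFlag'
$flag     = (Get-ItemProperty -Path $flagKey -ErrorAction SilentlyContinue).$flagName

# A missing flag means the default applies, and the article states the
# mitigation is enabled by default.
$flagState = if ($null -eq $flag) { 'not set (default: mitigation enabled)' } else { "$flag" }

[pscustomobject]@{
    Processor         = $cpu.Name               # compare against the unaffected families listed above
    OSBuild           = $os.BuildNumber         # check against the prerequisite update's build
    MicrocodeRevision = $ucodeHex               # compare with the OEM's IPU 23.3 microcode package
    HypervisorPresent = $cs.HypervisorPresent   # $true means the disable path is not supported
    MitigationFlag    = $flagState
}
```

Run it from an elevated PowerShell prompt on each host before deciding anything; if `HypervisorPresent` is `$true`, the article's guidance is that disabling the mitigation is not an option on that machine regardless of the flag.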
As cyber threats continue to evolve, it's imperative for companies and users alike to stay informed and take necessary precautions. Microsoft's proactive approach in addressing the “Downfall” vulnerability showcases the importance of timely mitigation and offers users the flexibility to choose their security measures.
Flax Typhoon Warning
Microsoft has also warned users this week about the Flax Typhoon hacking group, which has ties to China. Espionage appears to be the group's main goal. It has mainly targeted organizations in Taiwan, but its techniques could easily be applied to other regions as well. Microsoft attributes this campaign to Flax Typhoon, which overlaps with another known actor, ETHEREAL PANDA.
Flax Typhoon's approach is unique in that it gains and maintains access to Taiwanese organizations' networks with minimal use of malware. Instead, it relies on tools built into the operating system and some typically benign software to discreetly remain within these networks.