Tuesday, February 4th 2020

Microsoft Releases Microcode Updates Adressing Intel CPU Vulnerabilities under Windows 10

Microsoft today has released several microcode updates for Intel CPUs. The updates are meant to be applied in a case-by-case basis under their Windows 10 operating system, and these updates target several releases of that OS (ranging from version 1507 through version 1903/1909). These address several vulnerability exploits related to side-channel and speculative execution attacks on Intel CPUs.

The updates need to be installed specifically for the Windows OS version you're rocking, and on systems with CPUs affected by the vulnerabilities and covered by this microcode update release. These include Intel's Denverton (Atom C3000 series); Sandy Bridge, Sandy Bridge E and EP (2000 and 3000 series), Valleyview (Atom Z3000 series) and Whiskey Lake U CPUs (8000U series, 5000U series, and 4200U series). These updates must be installed manually by users.
Windows 10 version 1903/1909: KB497165
Windows 10 version 1809: KB4494174
Windows 10 version 1803: KB4494451
Windows 10 version 1709: KB4494452
Windows 10 version 1703: KB4494453
Windows 10 Version 1607: KB4494175
Windows 10 Version 1507: KB4494454 Source: GHacks.net
Add your own comment

11 Comments on Microsoft Releases Microcode Updates Adressing Intel CPU Vulnerabilities under Windows 10

#1
haxzion
"These updates must be installed manually by users. "
The most shocking line in the article.:eek:
Posted on Reply
#2
rtwjunkie
PC Gaming Enthusiast
haxzion
"These updates must be installed manually by users. "
The most shocking line in the article.:eek:
I for one am glad about that. If I’m going to nerf my CPU performance for an ultra-negligible threat, I want to have the choice to do so...or not.
Posted on Reply
#3
TechLurker
The fact it has to be installed by the user is nice; insofar as it's less likely for MS Update to break something else due to a scanning error installing the wrong update for the wrong CPU.

But because it's also user-controlled, it means that it's far less likely to be deployed in general due to being put off, thus slightly increasing the odds that it could be utilized by a malicious actor.
Posted on Reply
#4
londiste
Microsoft information says:
CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS)?
CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS)
Posted on Reply
#5
HugsNotDrugs
That's a really odd combination of CPUs affected.

What do Sandy Bridge EP and Whiskey Lake have in common that other Core series CPUs do not?
Posted on Reply
#6
lexluthermiester
haxzion
"These updates must be installed manually by users. "
The most shocking line in the article.:eek:
Why? Most end users want to avoid the performance hit associated with these patches. Making it a manual install means that only those who have a need for them will install them.

rtwjunkie
If I’m going to nerf my CPU performance for an ultra-negligible threat, I want to have the choice to do so...or not.
This sums things up very well.
Posted on Reply
#7
Red_Machine
HugsNotDrugs
That's a really odd combination of CPUs affected.

What do Sandy Bridge EP and Whiskey Lake have in common that other Core series CPUs do not?
If you look at the KB article, it lists more CPUs. The ones mentioned in this post are just the CPUs that have had the microcode patches added to the update installer since it was originally posted.
Posted on Reply
#8
Readlight
I already installed new HP bios
Posted on Reply
#9
lexluthermiester
Readlight
I already installed new HP bios
This is the better option..
Posted on Reply
#10
Jism
it's still an OS based fix; change OS and you still have those exploits.
Posted on Reply
#11
lexluthermiester
Jism
it's still an OS based fix; change OS and you still have those vulnerabilities.
Fixed and True.
Posted on Reply
Add your own comment