Microsoft has released out-of-band security updates for the ‘Memory Mapped I/O Stale Data (MMIO)’ information disclosure vulnerabilities in Intel CPUs.
Intel had initially disclosed the Memory Mapped I/O side-channel vulnerabilities on June 14th, 2022, warning that these flaws could allow processes running in a virtual machine to access data from another virtual machine.
Microsoft’s advisory shows that no security updates were released except for mitigations applied for Windows Server 2019 and Windows Server 2022. However, Microsoft has released a somewhat confusing set of security updates for Windows 10, Windows 11, and Windows Server that address these vulnerabilities.
These vulnerabilities are being tracked under the following CVEs: CVE-2022-21123 – Shared Buffer Data Read (SBDR), CVE-2022-21125 – Shared Buffer Data Sampling (SBDS), CVE-2022-21127 – Special Register Buffer Data Sampling Update (SRBDS Update), and CVE-2022-21166 – Device Register Partial Write (DRPW).
Microsoft has also published ADV220002 as part of the June Patch Tuesday, providing information on the types of scenarios that these vulnerabilities could impact.
These vulnerabilities could allow an attacker to read privileged data across trust boundaries. In shared resource environments, such as some cloud services configurations, these flaws could enable one virtual machine to improperly access information from another.
The updates released by Microsoft are being offered as manual updates in the Microsoft Update Catalog. The support bulletins do not make clear whether the updates are new Intel microcode or other mitigations that will be applied to devices.
These updates are likely being released as optional, manual updates because the mitigations for these vulnerabilities can cause performance issues. Moreover, the flaws may not be entirely resolved without disabling Intel Hyper-Threading Technology (Intel HT Technology) in some scenarios.
Therefore, it is strongly recommended to read both Intel’s and Microsoft’s advisories before applying these updates.