Intel microcode updates for Windows 10 and Server products

Intel microcode updates for Windows 10

Microsoft issued a new security advisory for Intel microcode updates for Windows 10 versions 1903 and 1909. The updates also address a known vulnerability behind a Zombieload attack. In addition, a targeted update for Windows Server 2019 version 1903 was also available.

Microsoft released on January 30 a new advisory for revised Intel Microcode updates for the following Intel CPU products:

  • Denverton
  • Sandy Bridge
  • Sandy Bridge E, EP
  • Valley View
  • Whiskey Lake U.

Microsoft recommends organizations apply the necessary updates as soon as possible.

The microcode updates address the following vulnerabilities (fixed in previous versions of CPUs):

  • CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
  • CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS), also known as “Zombieload” attacks.

Also, see Microsoft’s client guidance to help protect against speculative execution side-channel vulnerabilities.

Related articles