Microsoft issued a new security advisory for Intel microcode updates for Windows 10 versions 1903 and 1909. The updates also address a known vulnerability behind a Zombieload attack. In addition, a targeted update for Windows Server 2019 version 1903 was also available.
Microsoft released on January 30 a new advisory for revised Intel Microcode updates for the following Intel CPU products:
- Sandy Bridge
- Sandy Bridge E, EP
- Valley View
- Whiskey Lake U.
Microsoft recommends organizations apply the necessary updates as soon as possible.
The microcode updates address the following vulnerabilities (fixed in previous versions of CPUs):
- CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
- CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS), also known as “Zombieload” attacks.
Also, see Microsoft’s client guidance to help protect against speculative execution side-channel vulnerabilities.