Microsoft fixes CPU security flaw in big news today. Microsoft has made a number of updates that address a number of vulnerabilities. These were also recently found in various well-known Intel Processors.
Four vulnerabilities in total, collectively referred to as “Memory Mapped I/O STale Data (MMIO) information exposure problems,” were fixed.
In other words, a threat actor could access (sensitive) data in another virtual machine via a vulnerability in one virtual machine.
READ MORE: Keyamo: Obi Deceiving Nigerians
Microsoft fixes CPU security flaw: accessing private information
CVE-2022-21123 (Shared Buffer Data Read), CVE-2022-21125 (Shared Buffer Data Sampling), CVE-2022-21127 (Special Register Buffer Data Sampling Update), and CVE-2022-21166 are the vulnerabilities that have been identified (Device Register Partial Write).
In a subsequent advisory, Microsoft warned that an attacker who was successful in exploiting these flaws would be able to read privileged data across trust boundaries.
“These flaws could allow one virtual machine to unlawfully access data from another in contexts with shared resources. Like those found in some cloud service configurations. An attacker would need prior access to the system. Or the capacity to run a specially created program on the target system in non-browsing scenarios on standalone systems in order to make use of these vulnerabilities.”
Microsoft added that no updates were ever published. However, with the exception of mitigations for Windows Server 2019 and Windows Server 2022. The Redmond behemoth now intervened on its own. The upgrades for Windows 10, Windows 11, and Windows Server, however, appear to be “rather unclear.” This is according to BleepingComputer: “From the support bulletins, it is unclear if these are new Intel microcodes. Or, perhaps, other mitigations that will be applied to devices.