At the outset of 2018, the Windows community reeled in the wake of the Spectre and Meltdown vulnerabilities. Recently, Intel has disclosed a new set of chip-level vulnerabilities. On May 14, the company published a support bulletin entitled “Side Channel Vulnerability Microarchitectural Data Sampling.” According to many security experts and Windows watchers — see this Thurott.com article for a reasonably readable severity assessment — the MDS vulnerabiliites are more serious than either Spectre or Meltdown. When mediated, related microcode fixes are also more likely to impose performance penalties on PCs (especially older systems:a recent PCGames.com article cites “a 9% drop” for (n copy) testing, and decreases overall from a minimum of 1% to 7% for other client-side PC tests.
Like their predecessors, the various MDS exploits have colorful names. Meet “Zombieload,” “RIDL,” and “Fallout!”
If Unpatched, What’s The Risk?
Proof of concept exploits have shown themselves able to capture data from CPU-level registers and buffers while programs are executing without restrictions. This means that, properly architected, an exploit can not only capture user-level passwords, acccount info and so forth. It also means they can capture system level credentials as well — such as encryption keys, certificates, hashes and digital signatures. Thus it’s extremely important to patch against this vulnerability as soon as possible.
One Ray of Sunshine: KB4494441
If you’re running the Current Branch version of Windows 10 — Build 17768.503, after KB4494441 is installed — you’re already covered with the current set of microcode updates to protect against the MDS vulnerabilities. That said, other versions of Windows require their users to visit the Microsoft Update Catalog to download their fixes and apply them manually. Here’s a list of what’s available:
Windows client guidance for IT Pros to protect against speculative
Intel Microarchitectural Data Sampling Advisory
Summary of Intel microcode updates
KB4497165 Intel microcode updates for Windows 10 Insider v1903 May 14
Cumulative Update KB4494441 Windows 10 v1809 Build 17763.503 – May 14 (Includes Intel microcode updates for Windows 10 v1809)
KB4494452 Intel microcode updates for Windows 10 v1709 – May 14
KB4494453 Intel microcode updates for Windows 10 v1703 – May 14
KB4494175 Intel Microcode Updates for Windows 10 v1607 – May 14
KB4494454 Intel Microcode Updates for Windows 10 v1507 – May 14
If your version of Win10 isn’t on this list, this could be just the boot in the hindquarters necessary to force an upgrade. This is NOT something to leave unpatched. If your version of Windows IS on this list, follow its link to start patching (or to plan your patch strategy, in business environments where updates occur at fixed intervals on a regular and immutable schedule). ‘Nuff said!
[Note] My thanks to Shawn Brink at TenForums.com who put together the preceding list of links (and the Update Catalog download links for 1903).
Author: Ed Tittel
Ed Tittel is a 30-plus-year computer industry veteran. He’s a Princeton and multiple University of Texas graduate who’s worked in IT since 1981 when he started his first programming job. Over the past three decades he’s also worked as a manager, technical evangelist, consultant, trainer, and an expert witness. See his professional bio for all the details.