Microsoft has released new patches to resolve security vulnerabilities in Intel CPUs. The updates KB4558130 and KB4497165 are now available for Windows 10 version 2004, Windows 10 version 1909 and version 1903.
The updates were released on September 1st, and affect the following Intel products:
- Amber Lake Y
- Amber Lake-Y/22
- Avoton
- Broadwell DE A1
- Broadwell DE V1
- Broadwell DE V2, V3
- Broadwell DE Y0
- Broadwell H 43e
- Broadwell Server E, EP, EP4S
- Broadwell Server EX
- Broadwell U
- Broadwell Y
- Broadwell Xeon E
- Cascade Lake
- Cascade Lake Server
- Cascade Lake-W
- Coffee Lake H (6+2)
- Coffee Lake S (6+2)
- Coffee Lake U43e
- Coffee Lake H (8+2)
- Coffee Lake S (4+2)
- Coffee Lake S (4+2) x/KBP
- Coffee Lake S (4+2) Xeon E
- Coffee Lake S (4+2) Xeon E (U0)
- Coffee Lake S (6+2) x/KBP
- Coffee Lake S (6+2) Xeon E
- Coffee Lake S (6+2) Xeon E (U0)
- Coffee Lake S (8+2)
- Coffee Lake S (8+2) x/KBP
- Coffee Lake S (8+2) Xeon E (R0)
- Coffee Lake S/H (8+2) [R0]
- Comet Lake U42
- Comet Lake U62
- Haswell Desktop
- Haswell H / Haswell Perf Halo
- Haswell Server EX
- Haswell U
- Haswell Xeon E3
- Kaby Lake G
- Kaby Lake H
- Kaby Lake Refresh U 4+2
- Kaby Lake S
- Kaby Lake U
- Kaby Lake U23e
- Kaby Lake X
- Kaby Lake Xeon E3
- Kaby Lake Y
- Skylake H
- Skylake S
- Skylake Server
- Skylake U
- Skylake U23e
- Skylake Xeon E3
- Skylake Y
- Valley View / Baytail
- Whiskey Lake-U42
A potential security vulnerability in CPUs may allow information disclosure. Intel is has released Microcode Updates (MCU) updates to mitigate this potential vulnerability.
Vulnerability Details
CVEID: CVE-2018-12126
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVEID: CVE-2018-12127
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVEID: CVE-2018-12130
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVEID: CVE-2019-11091
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
The patches KB4558130 for Windows 10 version 2004, and KB4497165 for Windows 10 version 1909/1903 include microcode updates that fix the above flaws.
Download KB4558130 and KB4497165
The packages can be obtained from the Microsoft Update Catalog website. For some select products (CPUs) it is available through Windows Update. It will be downloaded and installed automatically.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options: