Microsoft releases KB4558130 and KB4497165 to fix Intel CPU security issues
Microsoft has released two security updates for the company's Windows 10 and Windows Server operating systems to address security flaws found in many Intel processors. The updates address issues related to the Spectre and Meltdown flaws discovered in 2018,
Tip: you can find out if your systems are affected by the security issues in several ways. On Windows, you can use PowerShell or a third-party program like InSpectre, and if you are using Linux, you may find this checkup tool useful.
The updates that Microsoft released this week are for the following operating system versions:
- KB4558130: Windows 10 version 2004 and Windows Server version 2004.
- KB4497165: Windows 10 version 1903 and 1909, Windows Server version 1903 and 1909.
The updates address the following flaws:
- CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
- CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS)?
- CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS)
Microsoft notes that Intel has "completed software validations" and released new microcode for "current CPU platforms" to fix these threats.
The updates should only be installed on systems with affected processors. You need to check the support page on the Microsoft website to find out if the installed processor on a system is supported by the update.
Since the flaws affect most Intel processors released by the company in recent time, it is very likely that the processor is on the list (unless it is very old or rare).
How to obtain the update
Microsoft plans to make the update available via Windows Update, but only for "some select products (CPUs)". The company does not reveal the names of the processors. If you check on Windows Updates and don't see the update, you need to download it from the company's Microsoft Update Catalog website to download and install it manually.
Direct download links:
Note that you need to verify that the CPU of the system is supported by the updates before you start the process to avoid any issues.
Now You: Have you installed Intel microcode updates on your systems?
I feel like these vulnerabilities never really became active in the wild. They were proof of concepts that simply were too difficult to use in the wild. We as end users paid more of price installing these fixes that slowed down what hardware we paid for. I never installed any of them except for a couple firmware updates but I installed those to address other more specific issues that affected me. Everyone talked about these until we were sick of reading about them. Then we never read another thing about them being used in the wild.
Well Gibson’s In Spectre says my machine is protected, performance is good and there are this updates available.
How big is the risk anyway for a normal home user? I will pass it.
Avoid them. These are theoretical exploits, and if you’ve got something which attempts to laverage them on your machine, you’ve got bigger problems to worry about.
Another “protective veneer to security check”, as long as this doesn’t mean some clumsy interpolation in my CPU I’m okay with it.
Ahh. So Intel fixes their processors in this way. Hmmm. They release new generation of processors in 10nm, but cannot fix their holes on hardware level.
Ha! Ice Lake for the w…. You know, I *was* going to write, “Ice Lake for the win!”, but that’s more properly reserved for AMD CPUs in this context, so let’s make it, “Ice Lake for the non-loss this time ’round!”
Seriously, though: if my CPU hadn’t been spared, I would *really* want to know what the expected performance penalty would be, “this time ’round.”
Yes, I already did IN 2018 and after I read your article from today I installed KB4558130 the latest patch directly. Thanks for this article, Martin.
I have maybe a strange question for you Martin.
I am now wondering or tomorrow when its patch Tuesday that Microsoft will install again KB4558130 and when they do that, what can go wrong than?
Any idea on that subject Martin (Or anybody else who knows this)?
I think that in this point in time you might as well slap a big chunk of cold stale oatmeal porridge on your intel CPU for at least some layer of protection.
Microsoft has released 8 Intel CPU security fixes :
KB4558130: Intel microcode updates for Windows 10 2004
KB4497165: Intel microcode updates for Windows 10 1909 and 1903
KB4494174: Intel microcode updates for Windows 10 1809
KB4494451: Intel microcode updates for Windows 10 1803
KB4494452: Intel microcode updates for Windows 10 1709
KB4494453: Intel microcode updates for Windows 10 1703
KB4494175: Intel microcode updates for Windows 10 1607
KB4494454: Intel microcode updates for Windows 10 1507
This. They have releases for (almost?) every Windows 10 version. AFAIK these won’t be pushed through WU.
It’s that time of year to make your Intel PC slower again. YAY!
Anyone knows what is meant by the number in parenthesis?
Intel CPU products updated on September 1, 2020
Coffee Lake H (8+2) ?
Is it safe to assume i7-8750H is still vulnerable without this update?
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
“FeatureSettingsOverride”=dword:00000003
“FeatureSettingsOverrideMask”=dword:00000003
https://i.imgur.com/fp7927V.png
Just disable them. You might have to re-write this .reg manually, as gHacks commenting system modifies the quotation sign (“). In my experience Inspectre did no manage to disable both mitigations; this registry entry is the Microsoft’s official documentation.