Some Intel processors have been found to have security vulnerabilities in Memory Mapped I/O (MMIO) which could allow unauthorized access to data by malicious actors.



Microsoft has published security updates, only available in the Microsoft Update Catalog, to address this issue. Impacted Intel processor users are advised to update to Microcode Firmware Update IPU 2022.1 from Intel.

To resolve the problem, users need to update the firmware and software for full protection. Microcode updates for affected Intel processors have been released on the public github repository but may take time to arrive through BIOS updates for some motherboard manufacturers. Microsoft has also released optional security updates to mitigate the vulnerability, but these may cause performance issues.

The reported vulnerabilities are tracked as DRPW (CVE-2022-21166), SRBDS update (CVE-2022-21127), SBDR (CVE-2022-21123), and SBDS (CVE-2022-21125). Not all Intel processors are affected, so users should check the list of impacted processors before taking action.

After the Meltdown and Spectre scandals of last year, users faced yet another danger - ZombieLoad. This vulnerability affected computers with Intel processors, where attackers could remotely steal data. So, what does ZombieLoad consist of?

Intel confirmed that it comprises of four microcode errors in processors from 2011 onwards. This means that all personal computers and cloud servers based on Intel chips are susceptible to hacking. However, devices containing AMD processors are not affected.

ZombieLoad is all about overloading the processor with information that it is unable to handle, causing a reboot, and allowing access to data processed by processor cores. Typically, applications have access to only their own data, but, during an attack, malware can steal user passwords, site visits, and money by accessing payment systems.

Despite this, it is necessary for the victim to download infected software onto their device and run it before an attack can happen. Major corporations such as Apple, Google, Microsoft, and Amazon have implemented updates to protect against this threat. Intel has also released patches that will prevent malware from accessing other applications' data by clearing the processor buffer when overloaded.

To ensure protection, macOS users should upgrade to version 10.14.5, Microsoft has also released a corresponding patch for Windows users through Windows Update, and users of Intel processors should install the new microcode from a special Microsoft website. Moreover, Intel's CEO has created a new Intel Product Assurance and Security working group to combat leaks and find any similar vulnerabilities that may arise in the future.

Large data centers and cloud services may be the primary victims of ZombieLoad, as even a slight drop in productivity for them could be critical. For example, Cisco Systems has reported that 18 of its products, including some server models, are vulnerable. An additional 30 products, including routers, are also at stake.

The security updates released by Microsoft aim to counteract specific vulnerabilities in Intel processors, known for potentially enabling unauthorized access to sensitive data through exploitation.

These vulnerabilities have been identified as critical due to their wide-ranging impact on various Intel processor models, posing significant risks to the security of affected systems. The security updates include comprehensive patches designed to rectify these vulnerabilities at the core level of the operating system, thereby fortifying the defense mechanisms against potential exploitation.

It is imperative for users to expeditiously deploy these security updates to bolster their systems' resilience against malicious attacks that seek to capitalize on these vulnerabilities. Neglecting to implement these updates leaves systems susceptible to infiltration and compromise, potentially leading to severe repercussions.
I strongly emphasize the necessity of remaining vigilant and proactive in promptly applying these security updates. By doing so, individuals and organizations can effectively mitigate the looming threat posed by the Intel processor vulnerabilities, safeguarding their digital infrastructure and upholding the integrity of their data.