Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Microsoft, Intel issue urgent warnings about MMIO Stale Data vulnerability on Windows 11, 10
These security flaws are related to the memory mapped I/O (MMIO) component of the CPU, and are therefore collectively known as "MMIO Stale Data Vulnerabilities". After successfully abusing a vulnerable system, a threat actor can simply read privileged information on the system.
In the recently released ADV220002 security advisory document, Microsoft describes the following potential attack scenarios:
'An attacker who successfully exploited these vulnerabilities could read privileged data on the system across trust boundaries. In shared resource environments (such as in some cloud service configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. Given the situation on standalone systems, an attacker would need prior access to the system or the ability to run a specially designed application on the target system to take advantage of these vulnerabilities.
The list of vulnerabilities that have been documented and tracked includes:
- CVE-2022-21123 - Shared Buffer Data Read (SBDR)
- CVE-2022-21125 - Shared Buffer Data Sampling (SBDS)
- CVE-2022-21127 - Special Register Buffer Data Sampling Update (SRBDS Update)
- CVE-2022-21166 - Device Register Partial Write (DRPW)
Microsoft, Intel issue urgent warnings about MMIO Stale Data vulnerability on Windows 11, 10 Picture 1
MMIO uses the processor's physical memory address space to access I/O devices, which can respond as memory elements. According to the security advisory document INTEL-SA-00615, Intel has also described in more detail how the vulnerability can be exploited using the CPU's uncached cache data:
The MMIO Stale Data vulnerabilities are a type of memory-mapped I/O (MMIO) vulnerability that can expose data. When a processor core initiates an MMIO read or write process, the transaction is typically performed with non-storable or write-associated memory types and is passed through non-volatile memory, which is a logical part in the shared CPU. shared by the processor cores and provides a number of common services.
[.] These vulnerabilities involve a series of operations that result in stale data being read directly into the architecture, software-visible state, or sampled from buffers or registers. In some attack cases, stale data may already be in the microarchitecture cache. For other attack scenarios, malicious actors can transfer data from microarchitecture locations such as fill buffers.
Analysis from Microsoft shows that the following versions of Windows may be affected by the vulnerability:
- Windows 11
- Windows 10
- Windows 8.1
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
The list of affected CPUs along with the corresponding mitigation measures are given as follows:
Microsoft, Intel issue urgent warnings about MMIO Stale Data vulnerability on Windows 11, 10 Picture 2
The full list of affected CPU models can be found on Intel's official website, in the 2022 section.
Samuel DanielYou should read it
- Serious security vulnerability on Intel chips
- New dangerous vulnerability in Intel CPU: Works like Specter and Meltdown, threatening all PCs and the cloud
- Intel continues to have a Plundervolt security vulnerability that reduces CPU voltage
- Intel's chip has eight new serious vulnerabilities
- Intel has overcome serious vulnerabilities in graphics drivers for Windows
- Foreshadow - the fifth most serious security hole in the CPU in 2018
- Microsoft and Intel cooperated to provide microcode updates for the CPU via Windows updates
- The new vulnerability on Intel allows hackers to take control of your computer within 30 seconds
- AMD and ARM both warned of security flaws like Intel processors
- Microsoft expert discovered a series of serious code execution errors in IoT, OT devices
- Microsoft rewards $ 250,000 for any talent that discovers the new Meltdown and Specter vulnerabilities
- Microsoft fixes 8 critical vulnerabilities
Maybe you are interested
How to master numerical data in Google Sheets with the AVERAGE function
How to delete white space in a table in Word - Appears right below the data
Detected a new data theft campaign targeting AnyDesk users
How to update Excel PivotTable data
Detection of malicious code infecting the web browsers of 300,000 PCs, silently stealing user data
One of the worst data leaks in the history of cybersecurity has just been exposed
Attack the network
An Ultimate Guide On Cloud Ransomware And How To Prevent It- Detecting a new strain of malicious code that abuses Windows Installer to deploy infection activities
- Warning: Ransomware is spreading through fake malicious Windows updates
- Warning: Quantum Ransomware is being rapidly deployed in lightning attacks
- HP publishes a series of critical vulnerabilities in the Teradici PCoIP protocol
- Notorious hacker group Hafnium deployed malicious code to target Windows, Microsoft stood still
An Ultimate Guide On Cloud Ransomware And How To Prevent It
Detecting a new strain of malicious code that abuses Windows Installer to deploy infection activities
Warning: Ransomware is spreading through fake malicious Windows updates
Warning: Quantum Ransomware is being rapidly deployed in lightning attacks
HP publishes a series of critical vulnerabilities in the Teradici PCoIP protocol
Notorious hacker group Hafnium deployed malicious code to target Windows, Microsoft stood still