Oh boy, here we go again! Microsoft and Intel have published fresh security advisories regarding a list of new CPU vulnerabilities affecting the Core lineup of processors.
These security flaws affect a CPU’s memory-mapped I/O and are hence collectively called “MMIO Stale Date Vulnerabilities.” A threat actor can read privileged information on a compromised system upon successfully exploiting these flaws on the given chips.
Redmond published its security advisory on this new vulnerability, describing how potential attack scenarios can unfold.
“An attacker who successfully exploited these vulnerabilities might be able to read privileged data across trust boundaries. In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run a specially crafted application on the target system to leverage these vulnerabilities.”
According to the software titan, several versions of its operating system are affected, including both client and server variants. These include usual suspects like Windows 11, Windows 10, Windows 8.1, Windows Server 2022, Windows Server 2019, and Windows Server 2016.
The table below lists the affected processors alongside their respective mitigations, providing a view of where things have gone wrong.
Intel has also put up the full list of affected CPU models on its official website, which you can scan to get a more accurate idea of whether your processor is affected by this new security flaw.
Meanwhile, as we wait for a fix for Windows, Linux has already been patched.
Hopefully, the Windows one is not too far behind.
