Back in June of 2022, Intel and Microsoft issued a warning about security vulnerabilities related to the CPU's memory-mapped I/O (MMIO), which are called "MMIO Stale Data Vulnerabilities" collectively. A threat actor, upon successful exploitation of a vulnerable system, can read privileged information on such a machine.
Last month, updated mitigations were released for several versions of Windows 10 and Windows 11. A few days back, Microsoft and Intel have now updated the files for Windows 10 version 1507 (which is the original release) as well as for Windows Server 2016. Microsoft on its support document described the vulnerability:
Summary
Intel has released “Intel Processors MMIO Stale Data Advisory”. This security advisory states that potential security vulnerabilities exist in Memory Mapped I/O (MMIO) for some Intel processors which might allow information disclosure.
Improvements
Intel Platform Update (IPU) 2022.1 that is dated June 2022 contains fixes for security vulnerabilities including Memory-Mapped I/O (MMIO) Side-Channel Attack.
The updates can be manually downloaded from Microsoft Update Catalog website at the links below:
- KB5019179 - Windows 10 version 1507 - Microsoft Update Catalog
-
KB5019182 - Windows Server 2016 - Microsoft Update Catalog
In case you are wondering, these will download the necessary updated DLL files on your system. For Windows 10 1507 (x86), the file name and versions are mcupdate_GenuineIntel.dll and 10.0.10240.19807. Meanwhile for x64, the file name and versions are
Likewise, for Windows Server 2016, the file name and versions are mcupdate_GenuineIntel.dll and 10.0.14393.5793 for x86, and for x64, they are mcupdate_GenuineIntel.dll and 10.0.14393.5793.
