[German]In August, the so-called Downfall vulnerability in processors had become known, which allows information to be leaked. Now Microsoft has updated its support post with notes about the downfall vulnerability in Windows and removed information on how to disable the protections. Furthermore, after installing the August 2023 preview updates, there was an issue with Windows delivering individual users into an UNSUPPORTED_PROCESSOR Bluescreen. The motherboard manufacturer MSI has now delivered a BIOS update that is supposed to correct this problem. Here is an overview of these two issues.
Downfall recommendations revised
There is a critical vulnerability CVE-2022-40982 in Intel's processors that allows so-called downfall attacks (see here). A downfall attack allows data theft that this vulnerability allows a user to access and steal data from other users of the same machine. Passwords and other sensitive information are at risk as a result.
There is both a security advisory and firmware updates for the affected processors from Intel. The microcode updates are probably already integrated in Linux distributions. Microsoft has also followed suit with Windows and delivered fixes via updates (see Windows August 2023 preview updates with protection against downfall attacks (CVE-2022-40982)).
Von Intel gibt es sowohl einen Sicherheitshinweis als auch Firmware-Updates für die betroffenen Prozessoren. In Linux-Distributionen sind die Microcode-Updates wohl bereits integriert. Auch Microsoft hat mit Windows nachgezogen und Fixes per Update ausgeliefert (see articles about preview updates at the articles end).
Microsoft also provides support article KB5029778 (How to manage the vulnerability associated with CVE-2022-40982), which describes mitigation measures by installing the microcode update and activating it. Now Microsoft has updated this support post to September 5, 2023, and now writes that the mitigation measure for the vulnerability is now enabled by default and cannot be disabled. The previously included references to registry entries to disable it have been removed from the support article (neowin.net has an archived version of the old support article).
MSI BIOS update due to UNSUPPORTED_PROCESSOR problem
After installing the August 22, 2023 preview updates, some users ran into the problem of Windows causing an UNSUPPORTED_PROCESSOR BlueScreen. I had reported this error in the blog post Windows 10/11: UNSUPPORTED_PROCESSOR error caused by preview updates (August 22, 2023). After an investigation by Microsoft and MSI, it turned out that it was probably MSI's fault and there was a recommendation not to install the updates in question.
Via the above tweet and this article, I came across that board manufacturer MSI has provided a BIOS update that should avoid this error. MSI has published the details in an article Updated BIOS fixes Error Message "UNSUPPORTED_PROCESSOR" caused BSOD on MSI's Intel 700 and 600 Series Motherboards. So if you have problems with the above error with the updates mentioned at the end of the article, and you have a motherboard from MSI, you should check your BIOS and update it if necessary. This should be relevant for the September 2023 patchday, coming Tuesday.
Windows 11 22H2: Preview Update KB5029351 (August 22, 2023)
Windows 11 21H2: Preview-Update KB5029332 (August 22, 2023)
Windows 10 22H2 Preview Update KB5029331 (August 22, 2023)
Windows 10/11: UNSUPPORTED_PROCESSOR error caused by preview updates (August 22, 2023)
Cookies helps to fund this blog: Cookie settings