|
NOTE This article applies to all supported versions of Windows operating systems that run on affected Intel CPUs. |
Introduction
Microsoft is aware of a new transient execution attack named gather data sampling (GDS) or "Downfall." This vulnerability could be used to infer data from affected CPUs across security boundaries such as user-kernel, processes, virtual machines (VMs), and trusted execution environments.
For more information about this vulnerability, see INTEL-SA-00828 security advisory and CVE-2022-40982.
Mitigate the vulnerability
IMPORTANT The mitigation described in this article is Enabled by default with no option to disable it. We recommend that you mitigate the vulnerability as soon as possible.
Note Intel’s latest products including Alder Lake, Raptor Lake, and Sapphire Rapids, have defense-in-depth measures in place and are not affected by this vulnerability.
To mitigate the vulnerability associated with CVE-2023-40982, install the Intel Platform Update (IPU) 23.3 microcode update. Typically, you need to obtain this update from your original equipment manufacturer (OEM). For a list of OEMs, see System Manufacturers. No further action to mitigate the vulnerability is required.
|
IMPORTANT Please refer to Intel for the most up-to-date information on GDS related Microcode and Firmware support from OEMs. |
References
Gather Data Sampling Technical Paper
Threat Analysis Assessment for GDS Paper
Gather Data Sampling Performance Data Analysis Paper Intel Security Advisory: INTEL-SA-00828
|
Change date |
Change description |
|
September 1, 2023 |
Removed the content to disable the GDS mitigation as that option is no longer available. |
|
September 12, 2023 |
Added a note to the top of the article stating this article applies to supported Windows operating systems which run on the affected Intel CPUs. Updated the "Applies to" section to apply to the general Windows versions. Updated the IMPORTANT note at the bottom of the article to refer to Intel for the most up-to-date information on GDS. |
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. We make no warranty, implied or otherwise, about the performance or reliability of these products.
We provide third-party contact information to help you find technical support. This contact information may change without notice. We do not guarantee the accuracy of this third-party contact information.
