The Microarchitectural Data Sampling (MDS) vulnerability in Intel CPUs does not seem to go away. Both Microsoft and Intel have been releasing regular OS and firmware updates to fix the problem that exposes on-premises and cloud-based Windows 10 machines to cyber attacks.
The KB4494174 security update includes Intel firmware
You may refer to this guide for a list of Intel processors compatible with the microcode update. Targeted operating systems are Windows 10, version 1809 and Windows Server 2019.
The security update supports these Windows CPUs: Denverton, Sandy Bridge, Sandy Bridge E, EP, Valley View, and Whiskey Lake U. It is critical to install the latest fix now, even if you have downloaded an Intel microcode update before to fix this problem.
To download the KB4494174 fix for your specific OS, you can go to the Microsoft Update Catalog.
The MDS hacking threat
According to a Microsoft security advisory last year, MDS vulnerabilities may let an attacker access sensitive information in a Windows 10, Intel PC without authorization. Organizations that share computing resources in the cloud, such as, to enhance collaboration, are particularly susceptible to this cyber threat.
These vulnerabilities are known as:
CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS)
CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS)
CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
Unprotected offline or standalone PCs are not free of the hacking risk either. That’s because a malicious local actor with access to them can exploit MDS weaknesses and access privileged files. Hackers can also use specially designed system requests to breach on-premises IT infrastructure this way.
While Microsoft and Intel have known about the MDS threat for a while, no customers had reported such an attack by the time the security advisory went online. If the corporations are responding by issuing regular firmware and OS updates, it’s because they’ve assessed the threat to be real.
When a security researcher pointed out a Windows 10 task scheduler vulnerability in 2018, Microsoft moved swiftly to address the issue.
There is no telling when Intel will come up with a processor design that fixes the MDS problem once and for all. Meanwhile, Windows 10 users on vulnerable devices have to keep installing the latest OS and microcode updates to keep their information systems safe.