New Microcode Patches to Fix Vulnerabilities in CPUs

Since the discovery of Meltdown and Spectre, the security of processors (especially Intel's) has plummeted. These two vulnerabilities demonstrated serious architecture-level flaws in speculative execution that can be used to steal information while it is being processed. Much more serious is that, given the nature of the flaws, they cannot be solved. The only way to protect ourselves is to update the processor's microcode using different CPU patches, although each of them reduces the performance of the processor.

Meltdown and Spectre are merely classes of vulnerabilities. Building on them, new vulnerabilities keep being discovered that put users at risk. These vulnerabilities, of course, have to be fixed. And each one that is fixed robs our CPU of valuable performance.


Recently, a group of researchers discovered a new vulnerability in Intel processors, Platypus. This vulnerability lies in the Running Average Power Limit (RAPL) interface, which is used to monitor and manage the power consumption of the CPU and RAM. By taking these measurements with enough precision, it is possible to deduce which instructions are being executed, and therefore sensitive information can be stolen from RAM, such as AES keys that are loaded.

New Microsoft patches to protect Intel CPUs

A few hours ago, Microsoft released a new microcode patch to address this vulnerability, as well as other pending ones, on Intel processors. The security flaws that have been fixed this time are:

  • CVE-2020-8695 – Intel Running Average Power Limit (RAPL) Interface (known as Platypus).
  • CVE-2020-8696 – Vector Register Sampling crash.
  • CVE-2020-8698 – Vulnerability in Fast store forward predictor.

Fortunately, these vulnerabilities do not affect all processors, not even the newest ones. The affected models, which have therefore received this security patch, are:

  • Avoton (2013 Atom processors).
  • Sandy Bridge (Intel processors released in 2011).
  • Valley View (2012 Atom processors).
  • Baytrail (Pentium, Atom, and Celeron processors released between 2013 and 2016).

If you don’t know what processor your PC has, we recommend using a free program called CPU-Z. In the “Code Name” section we can see the processor's code name and, therefore, know whether it is vulnerable or not.

Download CPU patch

End of support for many versions of Windows aside, Microsoft has brought this patch to all versions of Windows 10, from users who are still on 1507 (Windows 10 RTM) to users on version 20H2 of the operating system. In addition, computers with affected processors running Windows Server have also received these emergency updates.

The patches can be found in the Microsoft Update Catalog, although the fastest and most convenient way is to download them from Windows Update. The update will only appear in Windows Update if we have one of the vulnerable CPUs. Otherwise, we will not see it and, therefore, it will not be necessary to install it on our PC. After installing the patch, it will be necessary to restart the PC.
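To confirm after the restart that newer microcode is actually running, the revision can be read back from the registry. The PowerShell below is an added example, not part of the original article or Microsoft's guidance. It assumes the revision is stored in bytes 4 to 7 of the `Update Revision` and `Previous Update Revision` values, and that the latter holds the revision the firmware loaded at boot.

```powershell
# Added example: report the microcode revision each logical CPU is running.
# Assumption: the revision is the little-endian DWORD in bytes 4..7 of the
# 8-byte REG_BINARY values read below.
function ConvertTo-MicrocodeRevision {
    param([byte[]]$Raw)
    if ($null -eq $Raw -or $Raw.Length -lt 8) { return $null }
    return [System.BitConverter]::ToUInt32($Raw, 4)
}

function Format-Revision {
    param($Revision)
    if ($null -eq $Revision) { return 'unknown' }
    return ('0x{0:X}' -f $Revision)
}

function Get-MicrocodeStatus {
    $base = 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor'
    foreach ($key in Get-ChildItem -Path $base) {
        $p = Get-ItemProperty -LiteralPath $key.PSPath
        $running  = ConvertTo-MicrocodeRevision $p.'Update Revision'
        # Assumption: this value is the revision the firmware (BIOS/UEFI) loaded.
        $firmware = ConvertTo-MicrocodeRevision $p.'Previous Update Revision'
        [pscustomobject]@{
            Cpu        = [int]$key.PSChildName
            Name       = $p.ProcessorNameString
            Identifier = $p.Identifier   # e.g. "Intel64 Family 6 Model NN Stepping N"
            Running    = Format-Revision $running
            Firmware   = Format-Revision $firmware
            # True when Windows loaded a newer revision than the firmware did.
            LoadedByOS = ($null -ne $running -and $null -ne $firmware -and
                          $running -gt $firmware)
        }
    }
}

Get-MicrocodeStatus | Sort-Object Cpu | Format-Table -AutoSize
```

If `LoadedByOS` is False on an affected CPU after the update and restart, either the firmware already ships the same or a newer revision, or the Windows update was not applied.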

If we are concerned about our security, it is recommended to install these updates as soon as possible. Of course, keep in mind that similar microcode patches released in the past have caused performance issues on older CPUs, and even PC crashes. We must install the updates at our own risk.

If many problems appear after updating your computer, we recommend uninstalling the update. Given the nature of this type of CPU flaw, sometimes it is better to accept a certain level of insecurity (while taking extreme precautions ourselves) than to have a PC that runs slowly or has problems.