Microsoft has released Intel microcode updates for Windows 10 versions 1909 and 1903 to address four recently disclosed security threats, including Zombieload.
The microcode updates are the latest installment of Microsoft's efforts to help distribute firmware updates on behalf of the chip maker, addressing a variety of attacks on the optimization process known as speculative execution.
The updates address four microarchitectural data-sampling (MDS) attacks that can exploit store buffers (CVE-2018-12126 aka Fallout), load buffers (CVE-2018-12127), line-fill buffers (CVE-2018-12130, aka the Zombieload attack, or RIDL), and uncacheable memory (CVE-2019-11091).
SEE: 20 pro tips to make Windows 10 work the way you want (free PDF)
While consumers are being encouraged to install Intel's microcode updates, the mitigations for Zombieload have reduced CPU performance by up to 40% on some systems after disabling hyper-threading.
Microsoft indicates in a support page that the new microcode updates are available for Denverton, Sandy Bridge, Sandy Bridge E and EP, Valley View, and Whiskey Lake U chips.
The Whiskey Lake U updates are for Intel's 8th Generation Core CPUs, including the i5-8265U, i3-8145U, and Core 4205U and 5405U.
The Denverton updates fix issues in Intel's Atom E3800 product family, while the Sandy Bridge updates fix Intel's 8th Generation Core processors for desktop, embedded and mobile devices.
The Sandy Bridge E and EP fixes target Intel Core, Celeron, and Pentium server CPUs, while Valley View updates address the issues in Intel Atom Z series processors.
Users need to manually install the updates from the Microsoft Update Catalog as they won't be installed automatically through Windows Update.
"This update also includes Intel microcode updates that were already released for these operating systems at the time of release to manufacturing (RTM)," Microsoft notes.
"We will offer additional microcode updates from Intel through this article for these operating systems as they become available to Microsoft. Use the registry settings as described in the Windows client and Windows Server KB articles."