In early August, according to reports, security vulnerabilities were found in certain Intel and AMD CPUs. A recent development from Microsoft, specifically mentioned in KB5029778, underscores this concern. The impact of this issue extends to all iterations of Windows 10 and Windows 11 that utilize these integrated CPUs. Microsoft offers guidance on how to address or deactivate and mitigate this vulnerability. According to Microsoft’s statement: “It’s important to note that the most recent Intel products, such as Alder Lake, Raptor Lake, and Sapphire Rapids, incorporate defense-in-depth mechanisms and remain unaffected by this vulnerability.”
Microsoft acknowledges the emergence of a novel transient execution attack referred to as “Gather Data Sampling” (GDS) or “Downfall.” This susceptibility has the potential to extract data from compromised CPUs, traversing security barriers such as user-kernel partitions, processes, virtual machines (VMs), and trusted execution domains. See: Fix KB5027231/KB5027223/KB5027219 Breaking Issues in Windows 11, 10.
Table of Contents
KB5029778 to manage CVE-2022-40982 vulnerability
The mitigation detailed in this article is activated by default, but you also have the choice to deactivate it. The company strongly advises taking prompt action to address the vulnerability.
Please take note that Intel’s most recent offerings, such as Alder Lake, Raptor Lake, and Sapphire Rapids, incorporate comprehensive security measures and remain unaffected by this vulnerability.
In order to address the vulnerability linked to CVE-2023-40982, it is advised to apply the Intel Platform Update (IPU) version 23.3 microcode update. Usually, you can acquire this update from your respective original equipment manufacturer (OEM). A list of OEMs is available under System Manufacturers. There is no additional action needed to counter the vulnerability.
How to Disable the Mitigation
If you don’t perceive Gather Data Sampling (GDS) as a factor within your threat model, you could opt to deactivate the mitigation in a bare-metal setting.
Please be aware that excluding the current implementation, the deactivation of mitigation while Hyper-V (Virtualization) is enabled is not within the scope.
In order to deactivate the GDS mitigation in Windows (KB5029778), you should ensure that the following components are installed, tailored to your specific environment:
- For compatible Windows 10 and Windows 11 setups, it’s imperative to have installed a Windows update released on or after August 22, 2023.
- For applicable Windows Server environments, it’s necessary to have applied a Windows update released on or after September 12, 2023.
Once the suitable Windows update has been installed, it becomes essential to configure the subsequent feature flag within the registry:
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Value name: FeatureSettingsOverride
Value type: REG_DWORD
Value data: 0x2000000 (hex)
In case this registry value isn’t present, execute the following command to deactivate the GDS mitigation:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 33554432 /f
The update is applicable to:
Windows 10 Education, v1607
Windows 10 Professional v1607
Windows 10 Enterprise, v1607
Windows 10 Enterprise, v1809
Windows 10 Professional Education v1607
Windows 10 Pro Education, v1607
Windows Server 2019
Windows Server 2022
Windows 10 Home and Pro, v21H2
Windows 10 Enterprise and Education, v21H2
Windows 10 IoT Enterprise, v21H2
Windows 10 Home and Pro, v22H2
Windows 10 Enterprise Multi-Session, v22H2
Windows 10 Enterprise and Education, v22H2
Windows 10 IoT Enterprise, v22H2
Windows 11 Home and Pro, v21H2
Windows 11 Enterprise Multi-Session, v21H2
Windows 11 Enterprise and Education, v21H2
Windows 11 IoT Enterprise, version 21H2
Windows 11 Home and Pro, version 22H2
Windows 11 Enterprise Multi-Session, v22H2
Windows 11 Enterprise and Education, v22H2
Windows 11 IoT Enterprise, v22H2
Source: Release note.
That’s all!!