On November 10, Microsoft rolled out KB4589212. That support note is entitled “Intel microcode updates for Windows 10, version 2004 and 20H2, and Windows Server, version 2004 and 20H2.” It is currently available only from the Microsoft Update Catalog, where a search on KB4589212 provides links to related downloads. As you can see from the following screencap, KB4589212 offers Intel microcode updates as downloads that apply to Windows Server and Windows 10 for X64 and X86 systems, versions 20H2 and 2004.
If you read the note, you’ll see this update applies to all Intel processors back to Ivy Bridge (circa 2011-2012).
[Click image for full-sized view.]
If KB4589212 Offers Intel Microcode Updates, What’s Covered?
In addition to covering most Intel processors still in use back to Ivy Bridge (which is as old as anything I’ve got, from the 2012 mini-ITX box), this microcode update covers 7 different CVE items (3 from 2018, 2 from 2019, 3 from 2020). Here’s that table of items, plucked verbatim from the Microsoft Support note:
CVE number | CVE title |
CVE-2018-12126 | Microarchitectural Store Buffer Data Sampling (MSBDS) |
CVE-2018-12127 | Microarchitectural Load Port Data Sampling (MLPDS) |
CVE-2018-12130 | Microarchitectural Fill Buffer Data Sampling (MFBDS) |
CVE-2019-11091 | Microarchitectural Data Sampling Uncacheable Memory (MDSUM) |
CVE-2020-8695 | Intel® Running Average Power Limit (RAPL) Interface |
CVE-2020-8696 | Vector Register Sampling active |
CVE-2020-8698 | Fast store forward predictor |
I’ve run this on half-a-dozen different 20H2 PCs of all vintages from 2012 to 2019 with no ill effects. This one’s definitely worth downloading and installing sooner, rather than later. That said, note that microcode vulernabilities do require physical access to PCs to foist. Once foisted, though. they’re mostly indetectible and difficult to remove, too. Take no chances: schedule this update for your next maintenance window. You can access the CVE links in the preceding table to learn more about the vulnerabilities involved. In fact, the most recent CVE is fascinating: it decrypts data based on detailed voltage consumption over time simply by carefully monitoring and plotting CPU power usage. Zounds!