Cumulative Update KB4494441 Windows 10 v1809 Build 17763.503 - May 14 Win Update

See : Intel Side Channel Vulnerability MDS

On May 14, 2019, Intel and other industry partners shared details and information about a new group of vulnerabilities collectively called Microarchitectural Data Sampling (MDS).

First identified by Intel’s internal researchers and partners, and independently reported to Intel by external researchers, MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques. Under certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see. MDS techniques are based on a sampling of data leaked from small structures within the CPU using a locally executed speculative execution side channel. Practical exploitation of MDS is a very complex undertaking. MDS does not, by itself, provide an attacker with a way to choose the data that is leaked.

MDS is addressed in hardware starting with select 8th and 9th Generation Intel® Core™ processors, as well as the 2nd Generation Intel® Xeon® Scalable processor family. More details can be found here. We expect all future Intel® processors include hardware mitigations addressing these vulnerabilities.

Assessing Risk

Exploiting the MDS vulnerabilities outside the controlled conditions of a research environment is a complex undertaking. MDS vulnerabilities have been classified as low to medium severity per the industry standard CVSS, and it’s important to note that there are no reports of any real world exploits of these vulnerabilities.

As technologies become more and more complex, we believe it takes the ecosystem working together to keep products and data more secure. We appreciate the research community and our industry partners for their contributions and coordinated disclosure of these issues.

Cliff S said:

See : Intel Side Channel Vulnerability MDS

Thanks. I don't have the modern CPUs providing hardware mitigation. The article states For products where MDS is not addressed in hardware, Intel is releasing processor microcode updates (MCU) as part of our regular update process with OEMs. There is no chance of Gigabyte providing support for my older motherboard unless Intel can offer direct updates.

Nobody is going to attack using MD5 on normal Joe home user. It's just too complicated.

One of the best things anyone can do is keep their ME Firmware(an autonomous subsystem on the CPU itself)and Management Engine Interface (Driver) updated to help prevent remote access, and many of the vulnerabilities even need physical access to the machine. And I believe if someone has physical access to the machine for a home user, they'll steal the machine before trying to use a vulnerability

khanmein said:

Did you notice the Intel® TPM Provisioning Service is enabled by default?

Set to automatic.
I hope it's enabled by default, as it's important to Windows security: https://docs.microsoft.com/en-us/win...s-uses-the-tpm

Steve C said:

Thanks. I don't have the modern CPUs providing hardware mitigation. The article states For products where MDS is not addressed in hardware, Intel is releasing processor microcode updates (MCU) as part of our regular update process with OEMs. There is no chance of Gigabyte providing support for my older motherboard unless Intel can offer direct updates.

Intel has never up till now released MCU directly to end users. It provides its updates to OEMs and OS vendors.
If you want to check your CPU status, according to Intel's plans for updated MCU, check the latest Intel Microcode Revison Guidance