New “Downfall” Vulnerability Threatens Windows Devices – Microsoft Acts Swiftly


Microsoft has recently released instructions for addressing a security issue in Windows known as the gather data sampling (GDS) or Downfall vulnerability.

This vulnerability, tracked as CVE-2022-40982, affects Windows 10 and 11 operating systems, Windows Server versions 2019 and 2022, as well as specific Intel processor versions. Recent Intel chips like Raptor Lake, Sapphire Rapids, and Alder Lake are unaffected.

Successfully exploiting the vulnerability could enable “data inference from impacted CPUs across security barriers, like TEE (trusted execution environments), virtual machines, processes, and user-kernel.”

To protect your computer from potential exploits related to this vulnerability, Microsoft has provided guidance in a document called KB5029778. This document explains “How IT administrators can set up safeguards” and also “How to turn off these guards if needed.”

To fix the issue, administrators need to install an update called “Intel Platform Update 23.3 microcode.” This update is usually provided by the manufacturer that made the equipment, so you should contact them for information on how to get and install it. You can find a list of companies and links for the update on Intel’s website.

The protective measures are automatically turned on when the update is installed. While it is generally not recommended to turn off these measures, it might be necessary sometimes.

Microsoft allows you to disable the protective measures if the vulnerability is not part of the threat model and if these updates are installed on your computer:

  • For Windows 10 and 11: You should have the updates from August 22, 2023, or later.
  • For Windows Server: You should have the updates from September 12, 2023, or later.

To disable the protective measure, open the command prompt with administrator privileges and enter the following command:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 33554432 /f

Users who want to disable the protection manually can do so through Registry Editor:

  • Click Search, placed on the taskbar.
  • Type Registry Editor and press Enter.
  • If the User Account Control dialog box appears, click Yes.
  • The Registry Editor window will appear.
  • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management. If you cannot find this key, perform these steps:
      • Right-click on the prior key.
      • From the list, select ADD, and click New.
      • Create a path and name it accordingly.
  • Right-click Memory Management.
  • From the list, select New, click DWORD (32-bit) Value, and name the new value FeatureSettingsOverride.
  • To set the value of the newly created DWORD, double-click on it and enter 2000000 in hexadecimal format.
  • Initiate a system restart.

Remember that disabling these protective measures makes your computer vulnerable again, so even if the protection slightly impacts performance, it is essential to keep it enabled to protect your computer and data.

To reverse the changes, delete the FeatureSettingsOverride DWORD in Registry Editor.
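To find machines where the protection has been switched off, the registry value described above can be checked from PowerShell. This is an added example, not code from Microsoft or from the original article; the function name Get-GdsMitigationState is hypothetical, and the script assumes FeatureSettingsOverride is a bit field in which 0x2000000 (decimal 33554432, the value set above) is the GDS opt-out bit, so it tests that bit instead of comparing the whole value.

```powershell
# Added example: report whether the Downfall/GDS protection has been opted out
# through the registry. It checks the registry setting only; it does not verify
# that the microcode update itself is installed.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$ValueName = 'FeatureSettingsOverride'
$GdsOptOut = [int64]0x2000000   # assumption: the GDS opt-out bit (33554432)

function Get-GdsMitigationState {   # hypothetical helper name
    param($Override)                # $null means the value does not exist

    if ($null -eq $Override) {
        return [pscustomobject]@{ State = 'Default'; Raw = $null; OtherBits = [int64]0 }
    }
    # Normalise to the unsigned 32-bit range whether the provider returns
    # Int32 or UInt32, then test only the GDS bit.
    $raw   = [int64]$Override -band [int64][uint32]::MaxValue
    $state = if (($raw -band $GdsOptOut) -ne 0) { 'OptedOut' } else { 'Enabled' }
    [pscustomobject]@{
        State     = $state
        Raw       = $raw
        # Non-zero means the value carries other bits as well, so overwriting
        # or deleting the whole DWORD would change those too.
        OtherBits = $raw -band (-bnot $GdsOptOut)
    }
}

$item  = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
$value = if ($item) { $item.$ValueName } else { $null }
$r     = Get-GdsMitigationState -Override $value

if ($r.State -eq 'OptedOut') {
    Write-Warning ('{0}: GDS protection is disabled in the registry' -f $env:COMPUTERNAME)
}

# One object per host, so results can be collected and filtered centrally.
[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    State        = $r.State
    Value        = if ($null -ne $r.Raw) { '0x{0:X8}' -f $r.Raw } else { $null }
    OtherBits    = '0x{0:X8}' -f $r.OtherBits
}
```

A State of Default means the value is absent, which is also the result after the DWORD has been deleted as described above.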

Janki Mehta

Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.