Microsoft reveals how to mitigate the Downfall vulnerability affecting Intel processors running Windows 10 and Windows 11

Following on from the Meltdown flaw and other related vulnerabilities, a more recent security issue was discovered in the form of Downfall. Tracked as CVE-2022-40982, exploitation of the flaw is known as a transient execution attack and it affects Intel CPUs.

Microsoft has not only acknowledged that the problem exists, but has now provided details of mitigation techniques that can be used. In security advisory KB5029778, the company gives instructions for users of Windows 10, Windows 11 and Windows Server.

See also:

• MSI reveals workaround for UNSUPPORTED_PROCESSOR errors in Windows 11 after KB5029351 update
• Microsoft brings some of Windows 11 to Windows 10 users with the KB5029331 update
• Microsoft releases KB5029351 update for Windows 11, changing default app options, introducing optional update changes, improving search, and much more

Microsoft explains that more recent Intel chips -- such as Alder Lake, Raptor Lake and Sapphire Rapids -- are not affected by Downfall, but says that it is aware of a new transient execution attack named gather data sampling (GDS) or "Downfall".

The company adds:

This vulnerability could be used to infer data from affected CPUs across security boundaries such as user-kernel, processes, virtual machines (VMs), and trusted execution environments.

The mitigation is a simple matter of installing the Intel Platform Update (IPU) 23.3 microcode update which can be obtained from OEM. Microsoft acknowledges that not everyone will consider GDS to be part of their threat model. As such, it also provides details of how to disable the mitigation:

To disable the GDS mitigation in Windows, you must have the following installed, as appropriate for your environment:

• On supported Windows 10 and Windows 11 environments, you must have installed the Windows update dated on or after August 22, 2023.
• On supported Windows Server environments, you must have installed the Windows update dated on or after September 12, 2023.

After the appropriate Windows update is installed, you must set the following feature flag in the registry:

Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

Value name: FeatureSettingsOverride

Value type: REG_DWORD

Value data: 0x2000000 (hex)

If this registry value does not already exist, run the following command to disable the GDS mitigation:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 33554432 /f

More details are available in the INTEL-SA-00828 security advisory and CVE-2022-40982, as well as in Microsoft's own KB5029778 support document.