Microsoft has released a new batch of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix new hardware vulnerabilities discovered in Intel CPUs.
When Intel finds bugs in their CPUs, they release microcode updates that allow operating systems to patch the behavior of the CPU to fix, or at least mitigate, the bug.
Today, an international group of researchers from Graz University of Technology, CISPA Helmholtz Center for Information Security, and the University of Birmingham disclosed new Intel CPU side-channel vulnerabilities called Platypus.
These vulnerabilities reside in Intel's Running Average Power Limit (RAPL) interface, allowing users to monitor and manage the power consumption of supported CPUs and DRAM memory.
The researchers showed that they could use the RAPL interface to monitor power consumption and deduce what instructions were being performed by a CPU, allowing them to steal sensitive data from memory.
As a demonstration, the researchers released a video that illustrates how they can use the Platypus attack to steal an AES-NI key from protected Intel SGX enclaves.
https://www.bleepingcomputer.com/news/microsoft/windows-10-intel-microcode-released-to-fix-new-cpu-security-bugs/