KB4074629 fixes PowerShell vulnerability in Windows 10 and 11

Is artificial intelligence taking over content creation? Help us find out by answering a few quick questions!

We're always talking about staying safe online and preaching caution when it comes to your own sensitive information.

At this point, know that Microsoft has completely relabeled all major threat actors and is making it easier to identify each one of them.

Also, a few days ago, the dreaded Windows 11 LSA bug was fixed with kernel-mode hardware stack protection.

And, since we’re talking about Windows 11, know that you can now diagnose network issues on the taskbar in Windows 11.

Now, another major issue has apparently been resolved, as Microsoft published an interesting article on its official page.

Microsoft ships with PowerShell scripts for multiple flaws

If you didn’t know, last month Microsoft released a PowerShell script for automating WinRE updates to address the BitLocker bypass security vulnerability .

The Redmond-based tech company has once again released new PowerShell scripts, and we're going to take a closer look at them.

This time, however, they are targeting multiple different speculative execution side-channel attack CPU vulnerabilities on Windows 11 and Windows 10.

For better understanding, keep in mind that one of them includes a Memory Mapped IO (MMIO) flaw that recently received a patch in a new update on Windows 10 and Server.

The above script is intended to help verify the mitigation status of these vulnerabilities. Or, at least, that's what Microsoft says.

According to Redmond, to help you verify the status of speculative execution side-channel mitigations, it has released a PowerShell script (SpeculationControl) that can be run on your device. .

Security bulletins ADV180002, ADV180012, ADV180018 and ADV190013 cover the following nine vulnerabilities:

• CVE-2017-5715 (Branch Target Injection)
• CVE-2017- 5753 (Bounds Check Bypass)
• CVE-2017-5754 (Malicious Data Cache Loading)
• CVE-2018-3639 (Inference Store Bypass)
• CVE-2018 -3620 (L1 Endpoint Failure – OS)
• CVE-2018-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM))
• CVE-2018-12126 (Microarchitectural Storage Buffer Data Sampling (MSBDS))
• CVE-2018-12127 (Microarchitectural Load Port Data Sampling (MLPDS))
• CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling (MFBDS) )

NOTE Protection against CVE-2017-5753 (bounds check) does not require additional registry settings or firmware updates.

ADV220002 reported additional Memory Mapped I/O (MMIO) related vulnerabilities:

• CVE-2022-21123 – Shared Buffer Data Read (SBDR)
• CVE-2022-21125 – Shared Buffer Data Sampling (SBDS)
• CVE-2022-21127 – Special Register Buffer Data Sampling Update (SRBDS Update)
• CVE-2022-21166 – Device Register Partial Write (DRPW)

You can find more information and helpful tips by visiting Microsoft's official website. There is a lot that Microsoft has not shared yet, so we are still waiting for updates.

Also, be sure to check out the September and July 2023 Patch Tuesday releases. This month's update contains <> patches to address various vulnerabilities.

You can find direct download links for Windows 11 and Windows 10. We've also prepared a list of updates released for Windows 7 and 8.1.

The above is the detailed content of KB4074629 fixes PowerShell vulnerability in Windows 10 and 11. For more information, please follow other related articles on the PHP Chinese website!