As reported by Phoronix, Intel has just released a new CPU microcode update, version 20201110 , which covers a large number of Intel’s CPUs, spanning from 6th Gen Core series processors to 11th Gen “Tiger Lake” CPUs. The update patches a whopping 40 security holes including the “PLATYPUS” vulnerability.
The PLATYPUS vulnerability allows an attacker to manipulate the CPU’s power interface system and grab sensitive information thru it. This is due to the power interface being readable, and thus, manipulatable without administrative rights. The patch fixes the issue by locking down the system to admin access only.
Another issue the microcode addresses is an information disclosure vulnerability that allows an attacker to obtain data on previous AVX instruction executions via the fast store forward predictor.
Finally, the microcode update fixes a few functional issues not pertaining to security, which includes Ice Lake CPUs crashing or hanging due to VT-d and USB Type-C issues. Plus a Xeon Cascade Lake fix for interrupts when a core exits the C6 state.
Linux users can find instructions for manually updating their firmware on Intel’s Github page. However, it’s likely that Microsoft and other OS vendors will include automated updates that include the new microcode.