When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft no longer suggests overlooking "Downfall" of Intel 7th 8th 9th 10th 11th Gen CPUs

Neowin · · Hot! with 38 comments

Intel logo with red lines

Last month in August 2023, several modern Intel processor families, from the 7th Gen Kaby Lake, all the way up to the 11th Gen Rocket Lake CPUs, were found to be susceptible to a new processor vulnerability. This security flaw is codenamed "Downfall" and it is a Transient Execution or Speculative execution side-channel attack called Gather Data Sampling (GDS) vulnerability.

The newest chips, i.e., Intel's 12th Gen Alder Lake and the 13th Gen Raptor Lake parts come with Intel's TDX which prevents the exploitation of stale data. Microsoft and Intel are working with one another and the issue is mitigated via firmware Microcode update (MCU).

On the security advisory published by Microsoft about this issue, the tech giant had a section that guided users in case they wanted to disable the mitigation provided for Downfall if users felt they weren't affected. Interestingly, however, Microsoft has since erased this provided mitigation-removal as well as the section that described it from its website and has updated the changelog and explained why with the following message "Removed the content to disable the GDS mitigation as that option is no longer available."

The removal of this mitigation involved making tweaks to the registry. Here is the archived version of it:

Disable the mitigation

If you do not consider GDS to be part of your threat model, you might choose to turn off (disable) the mitigation in a bare-metal environment.

Note Disabling the mitigation when Hyper-V (Virtualization) is enabled is not in scope of this current implementation.

To disable the GDS mitigation in Windows, you must have the following installed, as appropriate for your environment:

  • On supported Windows 10 and Windows 11 environments, you must have installed the Windows update dated on or after August 22, 2023.
  • On supported Windows Server environments, you must have installed the Windows update dated on or after September 12, 2023.

After the appropriate Windows update is installed, you must set the following feature flag in the registry:

Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

Value name: FeatureSettingsOverride

Value type: REG_DWORD

Value data: 0x2000000 (hex)

If this registry value does not already exist, run the following command to disable the GDS mitigation:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 33554432 /f

You can find the security advisory about Intel's Downfall (GDS) on this (KB5029778) support page on Microsoft's official website.

Report a problem with article
Googles Genesis AI in development
Next Article

Google Chrome moves forward with its targeted ad tracking system, here's how to turn it off

Outlook for windows
Previous Article

Microsoft offers an update on the release of the new Outlook for Windows

Join the conversation!

Login or Sign Up to read and post a comment.

38 Comments - Add comment