banner

Blog

Aug 18, 2023

Microsoft Offers Instructions to Disable Downfall Mitigations on Windows

Microsoft also unveiled how to disable the security mitigation for maximum CPU performance

Mitigations that patch the new Downfall vulnerability in Intel's previous Best CPUs have finally been released. Now, Microsoft has provided a method for turning off the Downfall mitigation for users that require speed over security.

To disable the Downfall mitigation, open an elevated command prompt and type the following: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 33554432 /f.

Alternatively, you can execute the same command in the Windows Registry by heading to this location:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, finding the value name FeatureSettingsOverride, finding the value type REG_DWORD, and inputting the hexadecimal code 0x2000000.

For this to work, you again must have the Downfall mitigation installed. Windows 10 and 11 installations must also include Windows updates released on August 22, 2023, or later. The same applies to Windows Server environments with Windows updates dated on or after September 12th, 2023.

Downfall is a new CPU vulnerability affecting all modern Intel CPUs before its 12th Gen Alder Lake CPUs. 11th Gen Rocket Lake, 10th Gen Comet Lake, 9th Gen Coffee Lake Refresh, 8th Gen Coffee Lake, and 7th Gen Kaby Lake CPUs are all affected. The exploit takes advantage of a new transient execution attack, GDS or Gath Data Sampling, that enables attackers to steal sensitive information from a system's most secure environments, including the user kernel, processes, virtual machines, and trusted execution environments.

GDS takes advantage of an architectural vulnerability in Intel's CPUs that reveals internal hardware registers to software, allowing attackers to infer stale data from previously used vector registers. (This is similar to AMD's Zen 1 vulnerability, which utilizes exploitable CPU registers to steal sensitive data.)

According to Microsoft, the new Downfall mitigation is now available with the installation of Intel's Platform Update (IPU) 23.3 microcode update. The update will be rolled out automatically as a motherboard firmware update for OEM systems. For DIY builders, the update will be integrated into a BIOS update for your motherboard that you can install manually. (Unless your motherboard vendor has provided an automated BIOS updating process through 3rd party applications or Windows Update.)

Microsoft did not disclose how significant the CPU performance losses are with the mitigation enabled. However, it is substantial enough that Microsoft allows the mitigation to be disabled on Windows Server environments.

Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.

Aaron Klotz is a freelance writer for Tom’s Hardware US, covering news topics related to computer hardware such as CPUs, and graphics cards.

GlobalFoundries Criticizes German Subsidies to Rival TSMC

Tesla's $300 Million AI Cluster Is Going Live Today

Swiss Retailer Stats Reveal Which GPU Brand Has the Highest Failure Rates

By Anton ShilovAugust 27, 2023

By Ash HillAugust 27, 2023

By Ash HillAugust 27, 2023

By Ash HillAugust 26, 2023

By Zhiye LiuAugust 26, 2023

By Ash HillAugust 26, 2023

By Aaron KlotzAugust 26, 2023

By Anton ShilovAugust 26, 2023

By Ash HillAugust 26, 2023

By Ash HillAugust 26, 2023

By Aaron KlotzAugust 25, 2023

SHARE