Share:
Twitter
LinkedIn
Facebook
Google+
Reddit
Whatsapp
Follow by Email

If you are reading this I am sure you are aware of the huge news regarding the security bugs in CPUs from different manufacturers, not just Intel. Luckily Microsoft has been on the ball with this one and have release patches and also a PowerShell Module to the PowerShell Gallery. This module will verify if your system is protected or not.

Microsoft is aware of a new publicly disclosed class of vulnerabilities that are referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems, including chipsets from Intel, AMD, and ARM.
Note This issue also affects other systems, such as Android, Chrome, iOS, and MacOS, so we advise customers to seek guidance from those vendors.
Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services. See the following sections for more information.
Microsoft has not yet received any information to indicate that these vulnerabilities have been used to attack customers. Microsoft continues working closely with industry partners including chip makers, hardware OEMs, and app vendors to protect customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and, in some cases, updates to antivirus software as well.
This advisory addresses the following vulnerabilities:

• CVE-2017-5715 (branch target injection)

• CVE-2017-5753 (bounds check bypass)

• CVE-2017-5754 (rogue data cache load)

To learn more about this class of vulnerabilities, see ADV180002.

Install the PowerShell Module

We are going to be using Install-Module to install the new PowerShell module from the PowerShell gallery. This works when using PowerShell version 5.0 if you are using an older version, you can download the module from the PowerShell Gallery using the link above.

Open PowerShell with Elevated credentials and type the following

Install-Module -Name SpeculationControl -Force

Install-Module

You have now installed the module.

Check your system

This bit is easy. In your PowerShell window type

Set-ExecutionPolicy -Scope Process -ExecutionPolicy unrestricted
Get-SpeculationControlSettings

If you have not installed any of the updates you will see the below.

Get-SpeculationControlSettings

Next, for servers, you will need to enable injection mitigation. This can be done in an elevated PowerShell window.

To Enable mitigation, use the following code.

#Enable
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

To Disable mitigation, use the following code.

#Disable
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

If you have all of the updates installed you will have a screen like the one below.

All ok

You will notice that it is still not all green. This is due to the absence of hardware support. Once the OEM firmware update has been released and you have installed it you will see all green when you run the above PowerShell command.

If your Antivirus software supports this update you will be able to install it using windows update. To manually install this update go to https://support.microsoft.com/en-us/help/4043454 to find the updates. Just make sure you read all of the Known Issues before you install.

I hope you found this article helpful. Any questions please leave a comment or reach out on Twitter.

Share:
Twitter
LinkedIn
Facebook
Google+
Reddit
Whatsapp
Follow by Email

Pixel Robots.

I’m Richard Hooper aka Pixel Robots. I started this blog in 2016 for a couple reasons. The first reason was basically just a place for me to store my step by step guides, troubleshooting guides and just plain ideas about being a sysadmin. The second reason was to share what I have learned and found out with other people like me. Hopefully, you can find something useful on the site.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

I agree