If you are reading this, I am sure you are aware of the huge news regarding the security bugs in CPUs from different manufacturers, not just Intel. Luckily Microsoft has been on the ball with this one and has released patches and also a PowerShell module on the PowerShell Gallery. This module will verify whether your system is protected or not.
Microsoft is aware of a new publicly disclosed class of vulnerabilities that are referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems, including chipsets from Intel, AMD, and ARM.
Note: This issue also affects other systems, such as Android, Chrome, iOS, and MacOS, so we advise customers to seek guidance from those vendors.
Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services. See the following sections for more information.
Microsoft has not yet received any information to indicate that these vulnerabilities have been used to attack customers. Microsoft continues working closely with industry partners including chip makers, hardware OEMs, and app vendors to protect customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and, in some cases, updates to antivirus software as well.
This advisory addresses the following vulnerabilities:
• CVE-2017-5715 (branch target injection)
• CVE-2017-5753 (bounds check bypass)
• CVE-2017-5754 (rogue data cache load)
To learn more about this class of vulnerabilities, see ADV180002.
Install the PowerShell Module
We are going to use Install-Module to install the new PowerShell module from the PowerShell Gallery. This works with PowerShell version 5.0; if you are using an older version, you can download the module from the PowerShell Gallery using the link above.
Open PowerShell with elevated credentials and type the following:
Install-Module -Name SpeculationControl -Force
You have now installed the module.
Check your system
This bit is easy. In your PowerShell window type:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy unrestricted
Get-SpeculationControlSettings
If you have not installed any of the updates you will see the below.
Next, for servers, you will need to enable injection mitigation. This can be done in an elevated PowerShell window.
To enable mitigation, use the following code.
#Enable
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
To disable mitigation, use the following code.
#Disable
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
If you have all of the updates installed you will have a screen like the one below.
You will notice that it is still not all green. This is due to the absence of hardware support. Once the OEM firmware update has been released and you have installed it you will see all green when you run the above PowerShell command.
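The following script is an added example, not part of the original article or of Microsoft's module: it turns the coloured report into a one-object summary that separates a missing Windows update from missing firmware support, and shows which state the registry values above are in. The function names Get-OverrideState and Get-MitigationSummary are made up for this example; the property names are those of the object that Get-SpeculationControlSettings returns.

```powershell
# Added example (not from the original article). Run after installing the module.
$mmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-OverrideState {
    # Interpret the two values written by the reg add commands in this article.
    $p = Get-ItemProperty -Path $mmKey -ErrorAction SilentlyContinue
    $override = $p.FeatureSettingsOverride
    $mask     = $p.FeatureSettingsOverrideMask
    if ($null -eq $override -or $null -eq $mask) { return 'NotConfigured' }
    if ($mask -eq 3 -and $override -eq 0) { return 'Enabled' }
    if ($mask -eq 3 -and $override -eq 3) { return 'Disabled' }
    return "Other (Override=$override, Mask=$mask)"
}

function Get-MitigationSummary {
    # The cmdlet prints its coloured report with Write-Host and returns an object;
    # 6>$null hides the report so only the object is processed here.
    $s = Get-SpeculationControlSettings 6>$null
    $findings = @()

    # CVE-2017-5715 (branch target injection)
    if (-not $s.BTIWindowsSupportPresent) {
        $findings += 'CVE-2017-5715: Windows update not installed'
    } elseif (-not $s.BTIHardwarePresent) {
        $findings += 'CVE-2017-5715: firmware/microcode update missing'
    } elseif ($s.BTIDisabledBySystemPolicy) {
        $findings += 'CVE-2017-5715: mitigation disabled by system policy'
    } elseif (-not $s.BTIWindowsSupportEnabled) {
        $findings += 'CVE-2017-5715: mitigation present but not enabled'
    }

    # CVE-2017-5754 (rogue data cache load), only where the CPU requires it
    if ($s.KVAShadowRequired) {
        if (-not $s.KVAShadowWindowsSupportPresent) {
            $findings += 'CVE-2017-5754: Windows update not installed'
        } elseif (-not $s.KVAShadowWindowsSupportEnabled) {
            $findings += 'CVE-2017-5754: mitigation present but not enabled'
        }
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        RegistryOverride = Get-OverrideState
        FullyMitigated   = ($findings.Count -eq 0)
        Findings         = $findings -join '; '
    }
}

Get-MitigationSummary | Format-List
```

The registry values take effect only after a restart, so compare RegistryOverride with Findings after the machine has been rebooted.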
If your antivirus software supports this update, you will be able to install it using Windows Update. To manually install this update, go to https://support.microsoft.com/en-us/help/4043454 to find the updates. Just make sure you read all of the Known Issues before you install.
I hope you found this article helpful. Any questions please leave a comment or reach out on Twitter.