Microsoft releases PowerShell script for purpose of testing of Meltdown and Spectre

Microsoft releases PowerShell script for purpose of testing of Meltdown and Spectre

PowerShell

With the latest news concerning the possible attacks within your computer hardware Microsoft has jumped on providing a PowerShell Script to give a user basic knowledge whether they are vulnerable.  Baron Software followed the guidelines and can attest that it does work providing the end user with information but it doesn’t really tell the end user what to do.  This is almost like being in a bomb shelter waiting for the explosion to happen.

Commendable for Microsoft

Microsoft, at least gave something to work on while hardware manufacturers have to come up with a plan on protecting the end user.  That should be happening in the next few weeks to months but also be aware that countless folks that have older equipment which is no longer supported can be left out.

3 Point Plan

  1. Verify that you are running a supported antivirus application before you install OS or firmware updates.   Make sure you have the latest Anti-Virus software installed and updates are applied.
  2. Apply all available Windows operating system updates, including the January 2018 Windows security updates.
  3. Apply the applicable firmware update that is provided by the device manufacturer.  Wait until the manufacturer issues the release and you review it.  Do not apply out of fear due to the fact that if the firmware is updated and a problem occurs it is possible that the machine can become unusable.

Remember the attacks can only occur if you allow applications from the outside to be executed on the computer as well as leaving it open to the internet by keeping your router unprotected.

Windows PowerShell

The following steps were performed on a Windows 10 Professional machine so be aware of what operating system you have installed.  This does not hurt or disable anything but instead provides information.

  1. Press the Windows key and type PowerShell.
  2. Right click the PowerShell shortcut and select Run as Administrator.
  3. Type Install-Module SpeculationControl and press Enter.
  4. If you are prompted to install the NuGet provider, type Y and press Enter, and repeat if you are warned about installing from an untrusted repository.
  5. With the installation complete, type Import-Module SpeculationControl and press Enter.
  6. Type Get-SpeculationControlSettings and press Enter.

When executing these steps, there is a possibility that the execution policy will not allow it.  Microsoft provides the following information on setting the execution policy for the current user or machine, once again it does not damage anything and you can revert the policy back.

Following steps to save current policy, run the script and revert back.

 $SaveCurrentExecutionPolicy = Get-ExecutionPolicy

Set-ExecutionPolicy AllSigned -Scope Currentuser

Import-Module SpeculationControl

Get-SpeculationControlSettings

# Reset the execution policy to the original state

Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

Get-SpeculationControlSettings Output

What does this all mean.  Displayed below you will see that the machine this was executed on needs to update the firmware and that is in a holding state until the vendor gets back.

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.

BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : True

Now you have a taste of what PowerShell can do for you and it is installed on most machines with the latest operating systems and it is a valuable asset to replace good old DOS command.  Go ahead and review what was written to prepare your work place for safety.