Information regarding speculative execution side-channel vulnerabilities (Meltdown and Spectre) Updates
  • KB ID: KB-01035
  • Created: 01/09/2018 11:54 AM
  • Updated: 01/09/2018 3:41 PM

Summary

This article explains what is necessary to be protected against the “speculative execution side-channel attacks” that affect many modern processors and operating systems, including Intel, AMD, and ARM.

More Information

First of all, please note the following statement from Microsoft:
"To help prevent stop errors caused by incompatible anti-virus applications, Microsoft is only offering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update."

If you are not offered the corresponding update, your anti-virus application is incompatible.
According to Microsoft, it may cause a BSOD (Blue Screen Of Death) after the updates for Meltdown and Spectre have been installed.
The anti-virus vendors have been instructed to modify their products and create the following registry key once the anti-virus product has been confirmed as compatible or updated:

  • Key="HKEY_LOCAL_MACHINE"
  • Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
  • Value="cadca5fe-87d3-4b96-b7fb-a231484277cc"
  • Type="REG_DWORD"

Do not add this registry key manually if your anti-virus is not supported!

Unfortunately, some anti-virus companies do not plan to create that registry key or are not technically able to do so, while others will ship the update in the following days.
The following Google Docs file shows you their current status:


There are four Microsoft help pages which will give you some information regarding the vulnerabilities:

Instructions

Microsoft has released a PowerShell module which provides you with the necessary information.
Please note that PowerShell has to be run in elevated mode in order to install the SpeculationControl module.

Script:

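# Install the module from the PowerShell Gallery (requires an elevated session)
Install-Module SpeculationControl
# Save the current execution policy so it can be restored afterwards
$SaveExecutionPolicy = Get-ExecutionPolicy
Set-ExecutionPolicy RemoteSigned -Scope Currentuser
Import-Module SpeculationControl
Get-SpeculationControlSettings
# Restore the execution policy to its original state
Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser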

If no updates have been installed, it will most likely look like this:

After the Microsoft Updates have been installed, it may look like this:

If not all OS levels are green (True), you have to update the chipset firmware.
Depending on the availability of these updates, you may not yet be fully protected.
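
The following read-only check is an added example, not part of the original article or of Microsoft's module. It tests whether the anti-virus compatibility value listed above is present and turns the object returned by Get-SpeculationControlSettings into a list of what is still missing. The function names and the sample object are hypothetical, and the property names are assumed to be those of the January 2018 module output.

```powershell
# Added example: read-only, changes neither the registry nor any policy.
# Test-AvCompatFlag and Get-SpeculationGap are hypothetical helper names.

function Test-AvCompatFlag {
    # Looks for the registry value from this article; never creates it.
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
    $name = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    return ($null -ne $item)
}

function Get-SpeculationGap {
    # $Settings: the object returned by Get-SpeculationControlSettings
    # (property names assumed from the January 2018 module version).
    param([Parameter(Mandatory)] $Settings)
    $gaps = @()
    if (-not $Settings.BTIWindowsSupportPresent) {
        $gaps += 'Windows update missing (branch target injection / Spectre)'
    }
    if (-not $Settings.BTIHardwarePresent) {
        $gaps += 'Firmware update missing (branch target injection / Spectre)'
    }
    if ($Settings.BTIHardwarePresent -and $Settings.BTIWindowsSupportPresent -and
        -not $Settings.BTIWindowsSupportEnabled) {
        $gaps += 'Branch target injection mitigation installed but not enabled'
    }
    if ($Settings.KVAShadowRequired) {
        if (-not $Settings.KVAShadowWindowsSupportPresent) {
            $gaps += 'Windows update missing (kernel VA shadow / Meltdown)'
        } elseif (-not $Settings.KVAShadowWindowsSupportEnabled) {
            $gaps += 'Kernel VA shadow installed but not enabled'
        }
    }
    $gaps
}

# Constructed sample: Windows updates installed, firmware not yet updated.
$sample = [pscustomobject]@{
    BTIHardwarePresent = $false; BTIWindowsSupportPresent = $true
    BTIWindowsSupportEnabled = $false; KVAShadowRequired = $true
    KVAShadowWindowsSupportPresent = $true; KVAShadowWindowsSupportEnabled = $true
}
Get-SpeculationGap -Settings $sample   # reports only the firmware gap

# On a live system (requires the SpeculationControl module to be imported):
if (-not (Test-AvCompatFlag)) { 'AV compatibility value not set: update is not offered' }
Get-SpeculationGap -Settings (Get-SpeculationControlSettings)
```

An empty result from Get-SpeculationGap corresponds to the state in which everything is reported as True.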

Once the firmware has been updated, everything should be fine:

© 2000-2018 Brainware Consulting & Development AG