Microsoft released a guide and a PowerShell script which can scan your PC for the recently discovered Meltdown & Spectre attacks. The guide, Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities, is now available to everyone, and the script can be downloaded on the same site via its given procedure, which I will explain in detail in this article.
How to load the script
- Type Install-Module SpeculationControl in an elevated PowerShell prompt.
- Type Import-Module SpeculationControl to load the script.
- At this point you might see an error/warning that running scripts is disabled on your PC. In this case type Set-ExecutionPolicy RemoteSigned and repeat the command Import-Module SpeculationControl.
- The last step is to type Get-SpeculationControlSettings.
// Example output
PS C:\> Get-SpeculationControlSettings
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID optimization is enabled: True
Processors from Intel, AMD and ARM are affected, as well as operating systems and other software programs.
The result is a bit confusing and may be hard to read, but ‘True‘ means it’s patched and ‘False‘ means it’s unpatched or not affected.
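One way to turn that output into a per-CVE verdict, as an added example that is not part of Microsoft's module or of the original article. It assumes the property names of the result object returned by Get-SpeculationControlSettings (BTIHardwarePresent, KVAShadowRequired and so on), and it scopes the execution-policy change to the current PowerShell process instead of changing it for the whole machine.

```powershell
# Added example. Run in an elevated prompt after: Install-Module SpeculationControl

# Allow signed scripts for this PowerShell process only; the machine-wide
# policy is left untouched and the change ends when the window is closed.
Set-ExecutionPolicy RemoteSigned -Scope Process -Force
Import-Module SpeculationControl

# The cmdlet prints its text report and also emits a result object; keep it.
$s = Get-SpeculationControlSettings

# CVE-2017-5715 (branch target injection) needs BOTH the Windows update and
# CPU microcode/firmware support before the mitigation can be enabled.
$bti = if (-not $s.BTIWindowsSupportPresent) {
    'Unpatched: Windows update missing'
} elseif (-not $s.BTIHardwarePresent) {
    'Windows patched, but CPU microcode/firmware update missing'
} elseif (-not $s.BTIWindowsSupportEnabled) {
    'Patched but disabled'
} else {
    'Mitigated'
}

# CVE-2017-5754 (rogue data cache load): "Hardware requires kernel VA
# shadowing" describes the CPU. False there means the CPU is not affected,
# so the remaining kernel VA shadow lines may legitimately read False.
$kva = if (-not $s.KVAShadowRequired) {
    'Not affected: hardware does not require kernel VA shadowing'
} elseif (-not $s.KVAShadowWindowsSupportPresent) {
    'Unpatched: Windows update missing'
} elseif (-not $s.KVAShadowWindowsSupportEnabled) {
    'Patched but disabled'
} else {
    'Mitigated'
}

# One line per CVE instead of nine True/False flags.
[pscustomobject]@{
    'CVE-2017-5715 (branch target injection)' = $bti
    'CVE-2017-5754 (rogue data cache load)'   = $kva
} | Format-List
```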
In case you have a problem with the official solution provided by Microsoft, you could use SpecuCheck instead.
The little program is open source and does the same. As with the official MS solution, this tool only informs you; it does not fix the holes!
A Reddit user was kind enough to test the performance before and after applying the latest patches. If you suffer from such a performance loss, you can revert the mitigations via the following two commands (execute with admin privileges). Setting both values to 3 switches the mitigations off, so the system is then unprotected against these vulnerabilities again.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f