
Meltdown and Spectre (Problem with Powershell-Script!) Need Help ..


55 replies to this topic

#1 Guest_Doghen_*


Posted 05 January 2018 - 03:23 AM

Hey there, my Windows 10 machine is updated and patched with the update: kb4056892.

My processor: Intel® Core™ i3-3240 CPU @ 3.40GHz.

Engine: Intel® Management Engine.

My OS: Microsoft Windows 10 Home 64x.

My Desktop: Hewlett-Packard, Pro3500 Series

Already tested it with: Intel-SA-00086 Detection Tool 1.0.0.152. (I don't know what the tool does but people say it will scan if your processor is patched against Meltdown or Spectre.. but I don't know.. :s)

And the results are: This system is not vulnerable.

But I know MS has created a PowerShell script to check if your system is patched against Meltdown or Spectre or if it needs a firmware update or not..

But when I run the script:

Install-Module SpeculationControl (It asks me how to open it with an app)

Already changed the: Set-ExecutionPolicy Bypass (To YES all)

But nothing has helped.. and I need to run this script. Is there anything to fix this so that I can run the script, to check my system?

Already have enabled (Strict Site Isolation in Google Chrome) and as always using an adblocker to protect me from malicious ads, other things..

-Cheers!


Edited by Doghen, 05 January 2018 - 10:20 AM.




#2 britechguy


Posted 05 January 2018 - 11:03 AM

You have already applied the KB patch that fixes the vulnerabilities.   There is nothing more that needs to be done.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

     Presenting the willfully ignorant with facts is the very definition of casting pearls before swine.

             ~ Brian Vogel

 

 

 

              

 


#3 JohnC_21


Posted 05 January 2018 - 12:17 PM

I couldn't get the PowerShell module to download and wanted to set the Execution Policy back to Restricted, the default. Kept getting access denied for some reason and finally had to edit the registry manually to set the policy to Restricted.



#4 Didier Stevens


Posted 05 January 2018 - 12:43 PM

@JohnC_21 You did run PowerShell as administrator?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 Didier Stevens


Posted 05 January 2018 - 12:46 PM

> You have already applied the KB patch that fixes the vulnerabilities. There is nothing more that needs to be done.

For CVE-2017-5715, firmware updates are required too. But AFAIK, these are not yet available.

 



#6 Didier Stevens


Posted 05 January 2018 - 12:49 PM

> Already tested it with: Intel-SA-00086 Detection Tool 1.0.0.152. (I don't know what the tool does but people say it will scan if your processor is patched against Meltdown or Spectre.. but I don't know.. :s)

This is not a tool for Meltdown/Spectre, but for Intel Management Engine.

What is your exact error message with PowerShell?

Alex Ionescu also released a Windows executable to perform checks: SpecuCheck https://github.com/ionescu007/SpecuCheck/releases


Edited by Didier Stevens, 05 January 2018 - 12:49 PM.



#7 britechguy


Posted 05 January 2018 - 01:05 PM

 

> > You have already applied the KB patch that fixes the vulnerabilities. There is nothing more that needs to be done.
>
> For CVE-2017-5715, firmware updates are required too. But AFAIK, these are not yet available.

About which I should have been more clear in my statement and for which I appreciate the clarification.

At this point there's nothing more to be done. Once those patches are available it's virtually certain that there will be all sorts of fanfare about their having become available and the need to apply them promptly.

For the moment, applying the OS patch is about all one can do.




#8 JohnC_21


Posted 05 January 2018 - 01:34 PM

> @JohnC_21 You did run PowerShell as administrator?

Yep, ran it in admin to set it to Bypass but for some reason always got access denied when trying to set it back to Restricted, which was strange because it did let me change it using the registry edit, but system is already patched. I'm not going to get any CPU patch as it's too old.

I don't think there will be a POSReady patch for embedded XP for this vulnerability for anybody using the POSReady hack. I didn't see anything on the Update Catalog site. This is going to be a nightmare for people still running XP.


Edited by JohnC_21, 05 January 2018 - 01:37 PM.


#9 Didier Stevens


Posted 05 January 2018 - 01:56 PM

This is PowerShell on Windows XP? Which version of PowerShell did you install?




#10 JohnC_21


Posted 05 January 2018 - 02:31 PM

> This is PowerShell on Windows XP? Which version of PowerShell did you install?

Sorry for not being clear on my part. This was PowerShell V2 on Windows 7. I was just commenting on XP and what happens with it regarding Meltdown and Spectre.



#11 Didier Stevens


Posted 05 January 2018 - 02:39 PM

Install-Module requires PowerShell V3 or later. That's why you couldn't download.




#12 JohnC_21


Posted 05 January 2018 - 02:55 PM

> Install-Module requires PowerShell V3 or later. That's why you couldn't download.

Thank You. :)
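
One way to run the check discussed in this thread, as an added example that is not part of any post above: it stops on PowerShell V2, relaxes the execution policy for the current process only so there is nothing to set back afterwards, and summarizes the object returned by Get-SpeculationControlSettings. The function name Test-SpeculationMitigation is hypothetical; Get-SpeculationControlSettings and its BTI*/KVAShadow* properties belong to Microsoft's SpeculationControl module and are not quoted in the thread.

```powershell
# Added example, not from the thread. Type or paste this at a PowerShell prompt.
function Test-SpeculationMitigation {   # hypothetical helper name
    # Install-Module does not exist on PowerShell V2 (see the reply above).
    $ver = $PSVersionTable.PSVersion
    if ($ver.Major -lt 3 -or -not (Get-Command Install-Module -ErrorAction SilentlyContinue)) {
        Write-Warning "PowerShell $ver has no Install-Module; upgrade PowerShell or use a standalone checker such as SpecuCheck."
        return
    }

    # Relax the policy for this process only: nothing is written to the
    # registry, no administrator rights are needed, and the setting disappears
    # when the console is closed, so there is no policy to restore later.
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

    # A per-user install avoids the need for an elevated console.
    if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
        Install-Module -Name SpeculationControl -Scope CurrentUser
    }
    Import-Module SpeculationControl

    # Prints the module's own report and returns an object with the raw flags.
    $r = Get-SpeculationControlSettings

    # CVE-2017-5715 needs the OS patch and a firmware (microcode) update;
    # the Meltdown mitigation is delivered by the OS patch alone.
    [pscustomobject]@{
        PowerShellVersion          = $ver.ToString()
        SpectreV2_FirmwarePresent  = $r.BTIHardwarePresent
        SpectreV2_OsSupportPresent = $r.BTIWindowsSupportPresent
        SpectreV2_OsSupportEnabled = $r.BTIWindowsSupportEnabled
        Meltdown_MitigationNeeded  = $r.KVAShadowRequired
        Meltdown_OsSupportEnabled  = $r.KVAShadowWindowsSupportEnabled
    }
}

Test-SpeculationMitigation | Format-List
```

A machine that has the OS patch but no firmware update yet shows SpectreV2_OsSupportPresent as True while SpectreV2_FirmwarePresent and SpectreV2_OsSupportEnabled stay False.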



#13 Guest_Doghen_*


Posted 05 January 2018 - 03:06 PM

 

> > Already tested it with: Intel-SA-00086 Detection Tool 1.0.0.152. (I don't know what the tool does but people say it will scan if your processor is patched against Meltdown or Spectre.. but I don't know.. :s)
>
> This is not a tool for Meltdown/Spectre, but for Intel Management Engine.
>
> What is your exact error message with PowerShell?
>
> Alex Ionescu also released a Windows executable to perform checks: SpecuCheck https://github.com/ionescu007/SpecuCheck/releases

When I want to run this line: Install-Module SpeculationControl.

It asks me how to open the "File" with an app like (Windows Store, IE, Google Chrome) :/

How to fix this?

And will (firmware updates) automatically get installed for Intel processors/BIOS? ..

Or do we need to manually search for it? And I don't know if my processor/BIOS is updated to newer firmware..

(I always install Windows 10 and only update it through Windows updates and nothing else)

And what is that other program that you have shown in the chat, "SpecuCheck", for? Does it check if my processor/OS is patched for these attacks, or does it do different things?

'Cheers!


Edited by Doghen, 05 January 2018 - 03:09 PM.


#14 Didier Stevens


Posted 05 January 2018 - 06:51 PM

SpecuCheck does the same as the PowerShell script, but presents the results differently.

 

You can run it without having to install anything.

 

If you want to fix your PowerShell issue, can you post a screenshot of that error? I understand what you say, but I don't understand why that happens. Maybe a screenshot can give me a clue.




#15 pcpunk


Posted 05 January 2018 - 07:16 PM

@Doghen, I have the same CPU as you, so will be following this post and just created one of my own also just in case I have different issues.

@Didier Stevens, can SpecuCheck be run even though PowerShell is only V2? It doesn't matter, right? I'll go download and run it I guess.



Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 




