Posted 10 January 2018 - 03:53 PM
The main goal of this PowerShell script, is not to test if your CPU is vulnerable or to test if the patches have been installed. The main goal is to check if the mitigations are active.
The mitigations for CVE-2017-5754 and CVE-2017-5715 are configurable (can be enabled or disabled via registry: https://support.microsoft.com/en-za/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution), and mitigating CVE-2017-5715 requires a microcode update.
The mitigation for CVE-2017-5753 is not configurable, and does not require a microcode update.
If the Windows patch for Meltdown/Spectre has been installed on your machine, then mitigation for CVE-2017-5753 is active.
SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.
Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"