Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Meltdown/Spectre: Get-SpeculationControlSettings not checking for CVE-2017-5753?


  • Please log in to reply
5 replies to this topic

#1 GreenSparrow

GreenSparrow

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:40 PM

Posted 10 January 2018 - 12:41 PM

Hi all!

 

Get-SpeculationControl seems to check for Meltdown (CVE-2017-5754) and only part of Spectre (CVE-207-5715) - not CVE-2017-5753. Any insight into how to check for this other part of the Spectre vulnerability? Or why it isn't addressed by this check? Are the fixes redundant?

 

Thanks in advance folks!



BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:40 PM

Posted 10 January 2018 - 03:53 PM

The main goal of this PowerShell script, is not to test if your CPU is vulnerable or to test if the patches have been installed. The main goal is to check if the mitigations are active.

 

The mitigations for CVE-2017-5754 and CVE-2017-5715 are configurable (can be enabled or disabled via registry: https://support.microsoft.com/en-za/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution), and mitigating CVE-2017-5715 requires a microcode update.

 

The mitigation for CVE-2017-5753 is not configurable, and does not require a microcode update.

 

If the Windows patch for Meltdown/Spectre has been installed on your machine, then mitigation for CVE-2017-5753 is active.

 

https://support.microsoft.com/en-za/help/4074629/understanding-the-output-of-get-speculationcontrolsettings-powershell


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 GreenSparrow

GreenSparrow
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:40 PM

Posted 16 January 2018 - 02:30 PM

The main goal of this PowerShell script, is not to test if your CPU is vulnerable or to test if the patches have been installed. The main goal is to check if the mitigations are active.

 

The mitigations for CVE-2017-5754 and CVE-2017-5715 are configurable (can be enabled or disabled via registry: https://support.microsoft.com/en-za/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution), and mitigating CVE-2017-5715 requires a microcode update.

 

The mitigation for CVE-2017-5753 is not configurable, and does not require a microcode update.

 

If the Windows patch for Meltdown/Spectre has been installed on your machine, then mitigation for CVE-2017-5753 is active.

 

https://support.microsoft.com/en-za/help/4074629/understanding-the-output-of-get-speculationcontrolsettings-powershell

 

Thank you! This is a great, clear explanation :)



#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:40 PM

Posted 17 January 2018 - 01:36 PM

You're welcome :-)


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 Sampei_Nihira

Sampei_Nihira

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Italy
  • Local time:07:40 PM

Posted 29 January 2018 - 05:10 AM

Someone over at GitHub has developed a Meltdown/Sprectre status utility in the form of a PowerShell script that will also inform if your browser has been patched for Spectre - variant 1:

 

https://github.com/vrdse/MeltdownSpectreReport

 

I have execute the script locally.
I used the parameter "remotesigned".
 
2BHTH.jpg
 
 
Remember to restore the policy to default:
 
2BHTJ.jpg


#6 Sampei_Nihira

Sampei_Nihira

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Italy
  • Local time:07:40 PM

Posted 29 January 2018 - 06:53 AM

I tested my processor with Stephan Vanderkhof Poc recompiled by UCyborg.

 

Celeron M380  (2004)

 

It is not in the Intel List.

 

But it is equally vulnerable.

 

Every other Intel processor released after the Pentium Pro (1995) first to use executive speculation is vulnerable:

 

 

oCjSlJuR_t.jpg






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users