Windows 10: Windows Client Guidance against speculative execution vulnerabilities

Page 26 of 75 FirstFirst ... 16242526272836 ... LastLast
  1.    19 Jan 2018 #250

    Kari said: View Post
    It's Import-Module, not Install-Module. A syntax error in your PowerShell command line.
    I used Install-Module as per first post. Install-Module should import module from package manager - in fact it will prompt you to install nuget if you don't already have it.

    Import-Module vs. Install-Module : PowerShell
      My ComputerSystem Spec


  2. Posts : 1,336
    W10 pro x64 and W8.1 x86
       19 Jan 2018 #251

    I just tried Kari's suggestion and get this. I've never installed nugget (spell checker :)) and so will have a look there.

    Code:
    Windows PowerShell
    Copyright (C) 2014 Microsoft Corporation. All rights reserved.
    
    PS C:\Windows\system32> Set-ExecutionPolicy Unrestricted -Scope Process -Force
    PS C:\Windows\system32> Import-Module SpeculativeControl -Force
    Import-Module : The specified module 'SpeculativeControl' was not loaded because no valid module file was found in any
    module directory.
    At line:1 char:1
    + Import-Module SpeculativeControl -Force
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ResourceUnavailable: (SpeculativeControl:String) [Import-Module], FileNotFoundException
        + FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand
    
    PS C:\Windows\system32>
      My ComputerSystem Spec


  3. Posts : 1,336
    W10 pro x64 and W8.1 x86
       19 Jan 2018 #252

    I'm still non the wiser having looked at Ix07's link.

    Have you guys that have got this Tutorial to work previously installed something ?
      My ComputerSystem Spec

  4.    19 Jan 2018 #253

    Try this command (admin of course).

    Get-Command -Name Install-Module -Module PowerShellGet -Syntax


    You should see something like this:
    Code:
    PS C:\WINDOWS\system32> Get-Command -Name Install-Module -Module PowerShellGet -Syntax
    
    Install-Module [-Name] <string[]> [-MinimumVersion <version>] [-MaximumVersion <version>] [-RequiredVersion <version>] [-Repository <string[]>] [-Credential <pscredential>] [-Scope <string>] [-Proxy <uri>] [-ProxyCredential <pscredential>] [-AllowClobber] [-SkipPublisherCheck] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]
    
    Install-Module [-InputObject] <psobject[]> [-Credential <pscredential>] [-Scope <string>] [-Proxy <uri>] [-ProxyCredential <pscredential>] [-AllowClobber] [-SkipPublisherCheck] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]
    
    PS C:\WINDOWS\system32>
    PowerShellGet was installed as part of version 5 (so years ago). See Install-Module | Microsoft Docs

    If it isn't working then something is up - it certainly does work on clean install of 10.

    Import-Module will not work unless you download your module first so it exists in your path - then it will. As in first post Install-Module is the correct command to use in this case.
      My ComputerSystem Spec


  5. Posts : 1,336
    W10 pro x64 and W8.1 x86
       19 Jan 2018 #254

    Doesn't seem to be working. This is on W8.1 but Shawns TUT is the same.

    Code:
    Windows PowerShell
    Copyright (C) 2014 Microsoft Corporation. All rights reserved.
    
    PS C:\Windows\system32> Get-Command -Name Install-Module -Module PowerShellGet -Syntax
    Get-Command : The term 'Install-Module' is not recognized as the name of a cmdlet, function, script file, or operable
    program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + Get-Command -Name Install-Module -Module PowerShellGet -Syntax
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (Install-Module:String) [Get-Command], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand
    
    PS C:\Windows\system32>
      My ComputerSystem Spec


  6. Posts : 1,336
    W10 pro x64 and W8.1 x86
       19 Jan 2018 #255

    I'll try it on W10 shortly. Both 8.1 and 10 are recent clean installs.
      My ComputerSystem Spec

  7.    19 Jan 2018 #256

    Check your version with $PSVersionTable.PSVersion - it should show 5
    Code:
    PS C:\WINDOWS\system32> $PSVersionTable.PSVersion
    
    Major  Minor  Build  Revision
    -----  -----  -----  --------
    5      1      16299  98
    
    
    PS C:\WINDOWS\system32>
      My ComputerSystem Spec


  8. Posts : 1,336
    W10 pro x64 and W8.1 x86
       19 Jan 2018 #257

    It does, thanks :) Version 5.

    OK, I think I have sussed out what is happening. Post #1 has been edited and some of the commands are different since I first tried all this on W10.

    I need to go back now to 8.1 forums and see whats what there. I'll try the version command on that system shortly.

    Click image for larger version. 

Name:	SP1.JPG 
Views:	2 
Size:	110.2 KB 
ID:	173286
      My ComputerSystem Spec


  9. Posts : 1,336
    W10 pro x64 and W8.1 x86
       19 Jan 2018 #258

    The 8.1 PC shows this for version. I'll have to look into this one over at 'tother place. There have been zero replies to the 'duplicate' thread over there.

    Code:
    Windows PowerShell
    Copyright (C) 2014 Microsoft Corporation. All rights reserved.
    
    PS C:\Windows\system32> $PSVersionTable.PSVersion
    
    Major  Minor  Build  Revision
    -----  -----  -----  --------
    4      0      -1     -1
    
    
    PS C:\Windows\system32>
      My ComputerSystem Spec

  10.    19 Jan 2018 #259

    Installation will not work with powershell 4 as the command was not released until version 5. You would have to download the module manually from somewhere. Only then could you Import it.

    You could try copying it from Windows 10 (it is in C:\Program Files\WindowsPowerShell\Modules\SpeculationControl ) but I don't know if it would work on 8.1 and don't have a 8.1 system to try it. Maybe it would as it looks quite simple.

    This is (most of) the code the Install-Module downloaded for me. I just deleted some of the extra guff.

    You could copy/paste this into administrator Powershell ISE and see if it works (just paste the whole lot into the white box at the top and press F5 to run it) - it works fine in Windows 10 so maybe it would. Like this:
    Code:
        $NtQSIDefinition = @'
        [DllImport("ntdll.dll")]
        public static extern int NtQuerySystemInformation(uint systemInformationClass, IntPtr systemInformation, uint systemInformationLength, IntPtr returnLength);
    '@
        
        $ntdll = Add-Type -MemberDefinition $NtQSIDefinition -Name 'ntdll' -Namespace 'Win32' -PassThru
    
    
        [System.IntPtr]$systemInformationPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal(4)
        [System.IntPtr]$returnLengthPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal(4)
    
        $object = New-Object -TypeName PSObject
    
        try {
        
            #
            # Query branch target injection information.
            #
    
            Write-Host "Speculation control settings for CVE-2017-5715 [branch target injection]" -ForegroundColor Cyan
            Write-Host "For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629" -ForegroundColor Cyan
            Write-Host
    
            $btiHardwarePresent = $false
            $btiWindowsSupportPresent = $false
            $btiWindowsSupportEnabled = $false
            $btiDisabledBySystemPolicy = $false
            $btiDisabledByNoHardwareSupport = $false
        
            [System.UInt32]$systemInformationClass = 201
            [System.UInt32]$systemInformationLength = 4
    
            $retval = $ntdll::NtQuerySystemInformation($systemInformationClass, $systemInformationPtr, $systemInformationLength, $returnLengthPtr)
    
            if ($retval -eq 0xc0000003 -or $retval -eq 0xc0000002) {
                # fallthrough
            }
            elseif ($retval -ne 0) {
                throw (("Querying branch target injection information failed with error {0:X8}" -f $retval))
            }
            else {
        
                [System.UInt32]$scfBpbEnabled = 0x01
                [System.UInt32]$scfBpbDisabledSystemPolicy = 0x02
                [System.UInt32]$scfBpbDisabledNoHardwareSupport = 0x04
                [System.UInt32]$scfHwReg1Enumerated = 0x08
                [System.UInt32]$scfHwReg2Enumerated = 0x10
                [System.UInt32]$scfHwMode1Present = 0x20
                [System.UInt32]$scfHwMode2Present = 0x40
                [System.UInt32]$scfSmepPresent = 0x80
    
                [System.UInt32]$flags = [System.UInt32][System.Runtime.InteropServices.Marshal]::ReadInt32($systemInformationPtr)
    
                $btiHardwarePresent = ((($flags -band $scfHwReg1Enumerated) -ne 0) -or (($flags -band $scfHwReg2Enumerated)))
                $btiWindowsSupportPresent = $true
                $btiWindowsSupportEnabled = (($flags -band $scfBpbEnabled) -ne 0)
    
                if ($btiWindowsSupportEnabled -eq $false) {
                    $btiDisabledBySystemPolicy = (($flags -band $scfBpbDisabledSystemPolicy) -ne 0)
                    $btiDisabledByNoHardwareSupport = (($flags -band $scfBpbDisabledNoHardwareSupport) -ne 0)
                }
    
                if ($PSBoundParameters['Verbose']) {
                    Write-Host "BpbEnabled                   :" (($flags -band $scfBpbEnabled) -ne 0)
                    Write-Host "BpbDisabledSystemPolicy      :" (($flags -band $scfBpbDisabledSystemPolicy) -ne 0)
                    Write-Host "BpbDisabledNoHardwareSupport :" (($flags -band $scfBpbDisabledNoHardwareSupport) -ne 0)
                    Write-Host "HwReg1Enumerated             :" (($flags -band $scfHwReg1Enumerated) -ne 0)
                    Write-Host "HwReg2Enumerated             :" (($flags -band $scfHwReg2Enumerated) -ne 0)
                    Write-Host "HwMode1Present               :" (($flags -band $scfHwMode1Present) -ne 0)
                    Write-Host "HwMode2Present               :" (($flags -band $scfHwMode2Present) -ne 0)
                    Write-Host "SmepPresent                  :" (($flags -band $scfSmepPresent) -ne 0)
                }
            }
    
            Write-Host "Hardware support for branch target injection mitigation is present:"($btiHardwarePresent) -ForegroundColor $(If ($btiHardwarePresent) { [System.ConsoleColor]::Green } Else { [System.ConsoleColor]::Red })
            Write-Host "Windows OS support for branch target injection mitigation is present:"($btiWindowsSupportPresent) -ForegroundColor $(If ($btiWindowsSupportPresent) { [System.ConsoleColor]::Green } Else { [System.ConsoleColor]::Red })
            Write-Host "Windows OS support for branch target injection mitigation is enabled:"($btiWindowsSupportEnabled) -ForegroundColor $(If ($btiWindowsSupportEnabled) { [System.ConsoleColor]::Green } Else { [System.ConsoleColor]::Red })
      
            if ($btiWindowsSupportPresent -eq $true -and $btiWindowsSupportEnabled -eq $false) {
                Write-Host -ForegroundColor Red "Windows OS support for branch target injection mitigation is disabled by system policy:"($btiDisabledBySystemPolicy)
                Write-Host -ForegroundColor Red "Windows OS support for branch target injection mitigation is disabled by absence of hardware support:"($btiDisabledByNoHardwareSupport)
            }
            
            $object | Add-Member -MemberType NoteProperty -Name BTIHardwarePresent -Value $btiHardwarePresent
            $object | Add-Member -MemberType NoteProperty -Name BTIWindowsSupportPresent -Value $btiWindowsSupportPresent
            $object | Add-Member -MemberType NoteProperty -Name BTIWindowsSupportEnabled -Value $btiWindowsSupportEnabled
            $object | Add-Member -MemberType NoteProperty -Name BTIDisabledBySystemPolicy -Value $btiDisabledBySystemPolicy
            $object | Add-Member -MemberType NoteProperty -Name BTIDisabledByNoHardwareSupport -Value $btiDisabledByNoHardwareSupport
    
            #
            # Query kernel VA shadow information.
            #
    
            Write-Host
            Write-Host "Speculation control settings for CVE-2017-5754 [rogue data cache load]" -ForegroundColor Cyan
            Write-Host    
    
            $kvaShadowRequired = $true
            $kvaShadowPresent = $false
            $kvaShadowEnabled = $false
            $kvaShadowPcidEnabled = $false
    
            $cpu = Get-WmiObject Win32_Processor
    
            if ($cpu -is [array]) {
                $cpu = $cpu[0]
            }
    
            $manufacturer = $cpu.Manufacturer
    
            if ($manufacturer -eq "AuthenticAMD") {
                $kvaShadowRequired = $false
            }
            elseif ($manufacturer -eq "GenuineIntel") {
                $regex = [regex]'Family (\d+) Model (\d+) Stepping (\d+)'
                $result = $regex.Match($cpu.Description)
                
                if ($result.Success) {
                    $family = [System.UInt32]$result.Groups[1].Value
                    $model = [System.UInt32]$result.Groups[2].Value
                    $stepping = [System.UInt32]$result.Groups[3].Value
                    
                    if (($family -eq 0x6) -and 
                        (($model -eq 0x1c) -or
                         ($model -eq 0x26) -or
                         ($model -eq 0x27) -or
                         ($model -eq 0x36) -or
                         ($model -eq 0x35))) {
    
                        $kvaShadowRequired = $false
                    }
                }
            }
            else {
                throw ("Unsupported processor manufacturer: {0}" -f $manufacturer)
            }
    
            [System.UInt32]$systemInformationClass = 196
            [System.UInt32]$systemInformationLength = 4
    
            $retval = $ntdll::NtQuerySystemInformation($systemInformationClass, $systemInformationPtr, $systemInformationLength, $returnLengthPtr)
    
            if ($retval -eq 0xc0000003 -or $retval -eq 0xc0000002) {
            }
            elseif ($retval -ne 0) {
                throw (("Querying kernel VA shadow information failed with error {0:X8}" -f $retval))
            }
            else {
        
                [System.UInt32]$kvaShadowEnabledFlag = 0x01
                [System.UInt32]$kvaShadowUserGlobalFlag = 0x02
                [System.UInt32]$kvaShadowPcidFlag = 0x04
                [System.UInt32]$kvaShadowInvpcidFlag = 0x08
    
                [System.UInt32]$flags = [System.UInt32][System.Runtime.InteropServices.Marshal]::ReadInt32($systemInformationPtr)
    
                $kvaShadowPresent = $true
                $kvaShadowEnabled = (($flags -band $kvaShadowEnabledFlag) -ne 0)
                $kvaShadowPcidEnabled = ((($flags -band $kvaShadowPcidFlag) -ne 0) -and (($flags -band $kvaShadowInvpcidFlag) -ne 0))
    
                if ($PSBoundParameters['Verbose']) {
                    Write-Host "KvaShadowEnabled             :" (($flags -band $kvaShadowEnabledFlag) -ne 0)
                    Write-Host "KvaShadowUserGlobal          :" (($flags -band $kvaShadowUserGlobalFlag) -ne 0)
                    Write-Host "KvaShadowPcid                :" (($flags -band $kvaShadowPcidFlag) -ne 0)
                    Write-Host "KvaShadowInvpcid             :" (($flags -band $kvaShadowInvpcidFlag) -ne 0)
                }
            }
            
            Write-Host "Hardware requires kernel VA shadowing:"$kvaShadowRequired
    
            if ($kvaShadowRequired) {
    
                Write-Host "Windows OS support for kernel VA shadow is present:"$kvaShadowPresent -ForegroundColor $(If ($kvaShadowPresent) { [System.ConsoleColor]::Green } Else { [System.ConsoleColor]::Red })
                Write-Host "Windows OS support for kernel VA shadow is enabled:"$kvaShadowEnabled -ForegroundColor $(If ($kvaShadowEnabled) { [System.ConsoleColor]::Green } Else { [System.ConsoleColor]::Red })
    
                if ($kvaShadowEnabled) {
                    Write-Host "Windows OS support for PCID performance optimization is enabled: $kvaShadowPcidEnabled [not required for security]" -ForegroundColor $(If ($kvaShadowPcidEnabled) { [System.ConsoleColor]::Green } Else { [System.ConsoleColor]::White })
                }
            }
    
            
            $object | Add-Member -MemberType NoteProperty -Name KVAShadowRequired -Value $kvaShadowRequired
            $object | Add-Member -MemberType NoteProperty -Name KVAShadowWindowsSupportPresent -Value $kvaShadowPresent
            $object | Add-Member -MemberType NoteProperty -Name KVAShadowWindowsSupportEnabled -Value $kvaShadowEnabled
            $object | Add-Member -MemberType NoteProperty -Name KVAShadowPcidEnabled -Value $kvaShadowPcidEnabled
    
            #
            # Provide guidance as appropriate.
            #
    
            $actions = @()
            
            if ($btiHardwarePresent -eq $false) {
                $actions += "Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation."
            }
    
            if ($btiWindowsSupportPresent -eq $false -or $kvaShadowPresent -eq $false) {
                $actions += "Install the latest available updates for Windows with support for speculation control mitigations."
            }
    
            if (($btiHardwarePresent -eq $true -and $btiWindowsSupportEnabled -eq $false) -or ($kvaShadowRequired -eq $true -and $kvaShadowEnabled -eq $false)) {
                $guidanceUri = ""
                $guidanceType = ""
    
                
                $os = Get-WmiObject Win32_OperatingSystem
    
                if ($os.ProductType -eq 1) {
                    # Workstation
                    $guidanceUri = "https://support.microsoft.com/help/4073119"
                    $guidanceType = "Client"
                }
                else {
                    # Server/DC
                    $guidanceUri = "https://support.microsoft.com/help/4072698"
                    $guidanceType = "Server"
                }
    
                $actions += "Follow the guidance for enabling Windows $guidanceType support for speculation control mitigations described in $guidanceUri"
            }
    
            if ($actions.Length -gt 0) {
    
                Write-Host
                Write-Host "Suggested actions" -ForegroundColor Cyan
                Write-Host 
    
                foreach ($action in $actions) {
                    Write-Host " *" $action
                }
            }
    
    
            return $object
    
        }
        finally
        {
            if ($systemInformationPtr -ne [System.IntPtr]::Zero) {
                [System.Runtime.InteropServices.Marshal]::FreeHGlobal($systemInformationPtr)
            }
     
            if ($returnLengthPtr -ne [System.IntPtr]::Zero) {
                [System.Runtime.InteropServices.Marshal]::FreeHGlobal($returnLengthPtr)
            }
        }
    Click image for larger version. 

Name:	Capture.PNG 
Views:	3 
Size:	116.5 KB 
ID:	173288
      My ComputerSystem Spec


 
Page 26 of 75 FirstFirst ... 16242526272836 ... LastLast

Related Threads
The PowerShell script execution policies enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer. Windows PowerShell has four different execution policies: Execution Policy Description ...
Source: Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer - Microsoft Edge Dev Blog See also update: Cumulative Update KB4056892 Windows 10 v1709 Build 16299.192 - Windows 10 Forums
Source: Google Online Security Blog: Disclosing vulnerabilities to protect users
Windows 10 - Need some guidance on recovery in Installation and Upgrade
One of my spare Windows 10 machines is on life support. I must have clobbered it somehow when I was tweaking the multiple display settings ( to incorporate a HDMI projector). It actually worked fine all week, but today, when I tired to set it...
Read more: http://www.zdnet.com/article/microsoft-offers-it-guidance-to-prepare-for-windows-as-a-service/
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 21:36.
Find Us