Windows 10: Windows Client Guidance against speculative execution vulnerabilities

Page 6 of 73 FirstFirst ... 456781656 ... LastLast

  1. Posts : 38,043
    Dual boot Windows 10 FCU Pro x 64 & current Insider 10 Pro
       06 Jan 2018 #50

    Superfly said: View Post
    Hmmm.. that one does need some updating...seems all it has is the Win update fix.... firmware is non-compliant..
    That was on my FCU partition. Below is my IP 17063 partition, which, of course, is the same BIOS, but they say we Insiders are running the latest security fixes? What a crock!

    Absolutely nothing on the Asus site about this issue. Not in support or news. Zilch. I have this sinking feeling I won't be able to update this tower, nor my laptop BIOS. Probably at least half of us here will own boat anchors soon unless we get updates. If not, then these bass turd corporations will turn around and sell us more junk. Money sucking educated idiots, every one of them.

    Gates had better step in on this issue to do something about it.


    Click image for larger version. 

Name:	Vulneralability Script Results Asus IP.PNG 
Views:	5 
Size:	55.4 KB 
ID:	171104
      My ComputersSystem Spec

  2.    06 Jan 2018 #51

    HippsieGypsie said: View Post
    That was on my FCU partition. Below is my IP 17063 partition, which, of course, is the same BIOS, but they say we Insiders are running the latest security fixes? What a crock!

    Absolutely nothing on the Asus site about this issue. Not in support or news. Zilch. I have this sinking feeling I won't be able to update this tower, nor my laptop BIOS. Probably at least half of us here will own boat anchors soon unless we get updates. If not, then these bass turd corporations will turn around and sell us more junk. Money sucking educated idiots, every one of them.

    Gates had better step in on this issue to do something about it.
    Click image for larger version. 

Name:	Vulneralability Script Results Asus IP.PNG 
Views:	5 
Size:	55.4 KB 
ID:	171104


    My posts are getting deleted at a rapid rate...so read quickly...

    But totally agree... what goes around comes around...

    ...my last post here.
      My ComputerSystem Spec


  3. Posts : 569
    Windows 10 Pro 64bit; Windows 10 TP; KDE Neon
       06 Jan 2018 #52

    @Brink, can you please add the PowerShell command to restore things the way they were, before all this?

    Is this the appropriate command?

    Set-ExecutionPolicy Restricted -Scope Process -Force


    Thank you.
      My ComputerSystem Spec


  4. Posts : 21,003
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       06 Jan 2018 #53

    Joanne said: View Post
    @Brink, can you please add the PowerShell command to restore things the way they were, before all this?

    Is this the appropriate command?

    Set-ExecutionPolicy Restricted -Scope Process -Force


    Thank you.
    Using the Set-ExecutionPolicy Cmdlet
    Changing the Windows PowerShell Script Execution Policy
    The Set-ExecutionPolicy cmdlet enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer. Windows PowerShell has four different execution policies:

    Restricted - No scripts can be run. Windows PowerShell can be used only in interactive mode.
    AllSigned - Only scripts signed by a trusted publisher can be run.
    RemoteSigned - Downloaded scripts must be signed by a trusted publisher before they can be run.
    Unrestricted - No restrictions; all Windows PowerShell scripts can be run.

    To assign a particular policy simply call Set-ExecutionPolicy followed by the appropriate policy name. For example, this command sets the execution policy to RemoteSigned:
    Code:
    Set-ExecutionPolicy RemoteSigned
    Using the Set-ExecutionPolicy Cmdlet
      My ComputersSystem Spec


  5. Posts : 569
    Windows 10 Pro 64bit; Windows 10 TP; KDE Neon
       06 Jan 2018 #54

    Eh... Okay, thank you... but... no time + not quite in the mood right now to try this new thing I meet, first time in my life, so... which command exactly returns the system the way it was before all this? And does the "-Scope Process -Force" part of the initial commands play any role?

    Like, IF I will give "Set-ExecutionPolicy RemoteSigned" will it get applied OR will PowerShell complain due to the Scope Process Force?

    @Brink, hello, please?
      My ComputerSystem Spec

  6.    06 Jan 2018 #55

    Joanne said: View Post
    Eh... Okay, thank you... but... no time + not quite in the mood right now to try this new thing I meet, first time in my life, so... which command exactly returns the system the way it was before all this? And does the "-Scope Process -Force" part of the initial commands play any role?

    Like, IF I will give "Set-ExecutionPolicy RemoteSigned" will it get applied OR will PowerShell complain due to the Scope Process Force?

    @Brink, hello, please?
    This PowerShell and the execution policies explained | JeffOps appears to explain the
    -Scope” parameter and to my mind if we use the Process switch it will only alter the current process, so closing Powershell will cancel any changes.
    I too would like confirmation of that.....

    EDIT:
    If you run all 3 steps in the OP of this thread, THEN close and Reopen Powershell, THEN ONLY run
    Get-SpeculationControlSettings
    WITHOUT running the previous 2 steps, it fails to run.
    Run all 3 steps again and it works as illustrated so it looks like it does just affect the current process as i said above.

    Actually, reading the first post it does say "
    Temporarily set PowerShell script execution policy"
    And if you type Get-ExecutionPolicy when you first open Powershell it's Restricted
    Run the first command "Set-ExecutionPolicy Unrestricted -Scope Process -Force" it goes to Unrestricted
    Close and reopen Powershell and it's Restricted again
      My ComputerSystem Spec


  7. Posts : 569
    Windows 10 Pro 64bit; Windows 10 TP; KDE Neon
       06 Jan 2018 #56

    Okay, thank you, now I understand it is temporarily. It is OK now.


    Click image for larger version. 

Name:	OKOK.png 
Views:	11 
Size:	125.9 KB 
ID:	171116
      My ComputerSystem Spec


  8. Posts : 1,292
    W10 pro x64 and W8.1 x86
       06 Jan 2018 #57

    My understanding so far in all this is that the Windows Updates are only a tiny part of the puzzle and its solution, and that it will be future firmware updates that complete the fix... and I also assume that is the point we will see any performance impacts.

    Is that a correct assumption ?

    I looked at Dell and see they now have a dedicated page to this:

    Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products | Dell US


    I also see that as yet my Vostro 3750 doesn't make the list (maybe considered to old at 6 yrs).

    Also, if a firmware update is the last piece of the puzzle then is it also correct to say that such an update can only be applied manually via a user searching the details out, or a user running a PC that is linked to and automatically supported by a manufacturer ?

    I see that as a major issue where things can and will go wrong for some.
      My ComputerSystem Spec

  9.    06 Jan 2018 #58

    Mooly said: View Post
    My understanding so far in all this is that the Windows Updates are only a tiny part of the puzzle and its solution, and that it will be future firmware updates that complete the fix... and I also assume that is the point we will see any performance impacts.

    Is that a correct assumption ?

    I looked at Dell and see they now have a dedicated page to this:

    Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products | Dell US


    I also see that as yet my Vostro 3750 doesn't make the list (maybe considered to old at 6 yrs).

    Also, if a firmware update is the last piece of the puzzle then is it also correct to say that such an update can only be applied manually via a user searching the details out, or a user running a PC that is linked to and automatically supported by a manufacturer ?

    I see that as a major issue where things can and will go wrong for some.
    Seemingly, there will be lot of system that will not receive BIOS/EUFI updates. Most hardware, including the CPU, have a three years warranty. And of course, it is a limited warranty...

    The chances are that hardware, where the warranty period expired, the updates will be scarce. OEMs, manufacturers, etc., would love to see you purchase a new system in this stagnating computer market. Even if purchasing a new system will not result in much of a performance increase over the existing one. Especially, if the new system does not have SSD drive and the old one with Sandy or Ivy Bridge CPU does....

    Click image for larger version. 

Name:	PS check.jpg 
Views:	2 
Size:	70.9 KB 
ID:	171138

    That's on my W10 system that's EOL-ed; yes there is a better acronym for that...
      My ComputerSystem Spec

  10.    06 Jan 2018 #59

    Hi,

    Seemingly, there will be lot of system that will not receive BIOS/EUFI updates.
    A bios/uefi update won't be fixing this vulnerability anyhow. Intel, Google, MS and so on are working on solutions for it.
    There are pretty recent (November 2017) micro code updates available for pretty much any cpu that needs it starting with the now prehistoric Pentiums and upwards.
    It does not resolve this vulnerability yet, just saying that there's hope for people with oldish hard ware.


    Cheers,
      My ComputersSystem Spec


 
Page 6 of 73 FirstFirst ... 456781656 ... LastLast

Related Threads
The PowerShell script execution policies enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer. Windows PowerShell has four different execution policies: Execution Policy Description ...
Source: Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer - Microsoft Edge Dev Blog See also update: Cumulative Update KB4056892 Windows 10 v1709 Build 16299.192 - Windows 10 Forums
Source: Google Online Security Blog: Disclosing vulnerabilities to protect users
Windows 10 - Need some guidance on recovery in Installation and Upgrade
One of my spare Windows 10 machines is on life support. I must have clobbered it somehow when I was tweaking the multiple display settings ( to incorporate a HDMI projector). It actually worked fine all week, but today, when I tired to set it...
Read more: http://www.zdnet.com/article/microsoft-offers-it-guidance-to-prepare-for-windows-as-a-service/
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:27.
Find Us