Windows Client Guidance against speculative execution vulnerabilities

Hi,

At 50+ that long way to the next birthday, seem it fly's pretty darn fast though.

Brace yourself. I'll be turning 60+ in a couple of months.

But if my PS is running like it "should" or if something was wrong, I would want to know, because I do understand, PowerShell, is actually a pretty bad security problem, just by its existence

It is, isn't it ?

Cheers,

This is the result I got after running all three command lines from PowerShell (Admin) Verification as per Shawn's tutorial (first page):



At one point after the second command line, I was asked if I wanted PowershellGet to install and import the NuGet provider now. I put Yes ("y"). After the third command line, I got the results seen at the bottom of the screenshot with three "false" lines and all the rest is labelled as "True". My confusion is about "Suggested actions" highlighted in the red square with a yellow arrow:

[Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.]

My PC is about two years old. I am on UEFI and in the suggestion they are talking about BIOS/Firmware. Does that mean they are using the terms Bios & UEFI interchangeably?. And how do I get that update from Intel. Can anyone chime in and show me the light at the end of the tunnel?

Hi,

My PC is about two years old. I am on UEFI and in the suggestion they are talking about BIOS/Firmware. Does that mean they are using the terms Bios & UEFI interchangeably?. And how do I get that update from Intel. Can anyone chime in and show me the light at the end of the tunnel?

UEFI is still a BIOS although an advanced one so, yes they use it interchangeably. Updates will crop up to "secure" OS and CPU's from either your OEM, Intel, AMD or Microsoft (for the OS part and possibly micro code for the cpu).

It's still early days as they're all still waking up from the season holidays and such. I'd keep an eye on my MB OEM if it were me and check for BIOS/UEFI updates on a regular basis.
Currently available micro code updates from Intel aren't fixing anything yet and I very much doubt that those updates could cover both Meltdown and Spectre vulnerabilities fully.

Cheeers,

fdegrove said:

Hi,



UEFI is still a BIOS although an advanced one so, yes they use it interchangeably. Updates will crop up to "secure" OS and CPU's from either your OEM, Intel, AMD or Microsoft (for the OS part and possibly micro code for the cpu).

It's still early days as they're all still waking up from the season holidays and such. I'd keep an eye on my MB OEM if it were me and check for BIOS/UEFI updates on a regular basis.
Currently available micro code updates from Intel aren't fixing anything yet and I very much doubt that those updates could cover both Meltdown and Spectre vulnerabilities fully.

Cheeers,

Thanks a lot for your intervention. Really appreciate it. According to what you are saying, the best approach for now is to wait & see while checking for any updates regarding my MB OEM. If I understood correctly "Spectre" is only concerned with Intel processors and "Meltdown" with all the other processors as far as these speculative execution side-channel attacks may affect one's PC.

In the meantime, I found a link for Intel Detection Tool:

https://downloadcenter.intel.com/download/27150?v=t

I am going to give it a try and see what gives.

Thanks again :)

Well, if this don't beat all. This is the kind of thing where I'd like to take all 3 machines, throw them in the garbage, and look for another hobby. The smart phone too. Get a cheapo dumb phone. If this can't get fixed I just may do that. Off to see if I can find a BIOS update I guess....

Oh and thanks for the article/tutorial, Shawn.


Attachment 171101