New
#190
Seems all is in order here?:
Code:For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629 Speculation control settings for CVE-2017-5715 [branch target injection] Hardware support for branch target injection mitigation is present: True Windows OS support for branch target injection mitigation is present: True Windows OS support for branch target injection mitigation is enabled: True Speculation control settings for CVE-2017-5754 [rogue data cache load] Hardware requires kernel VA shadowing: True Windows OS support for kernel VA shadow is present: True Windows OS support for kernel VA shadow is enabled: True Windows OS support for PCID performance optimization is enabled: True [not required for security] Speculation control settings for CVE-2018-3639 [speculative store bypass] Hardware is vulnerable to speculative store bypass: True Hardware support for speculative store bypass disable is present: False Windows OS support for speculative store bypass disable is present: True Windows OS support for speculative store bypass disable is enabled system-wide: False Speculation control settings for CVE-2018-3620 [L1 terminal fault] Hardware is vulnerable to L1 terminal fault: True Windows OS support for L1 terminal fault mitigation is present: True Windows OS support for L1 terminal fault mitigation is enabled: True BTIHardwarePresent : True BTIWindowsSupportPresent : True BTIWindowsSupportEnabled : True BTIDisabledBySystemPolicy : False BTIDisabledByNoHardwareSupport : False BTIKernelRetpolineEnabled : False BTIKernelImportOptimizationEnabled : False KVAShadowRequired : True KVAShadowWindowsSupportPresent : True KVAShadowWindowsSupportEnabled : True KVAShadowPcidEnabled : True SSBDWindowsSupportPresent : True SSBDHardwareVulnerable : True SSBDHardwarePresent : False SSBDWindowsSupportEnabledSystemWide : False L1TFHardwareVulnerable : True L1TFWindowsSupportPresent : True L1TFWindowsSupportEnabled : True L1TFInvalidPteBit : 45 L1DFlushSupported : False
Two observations:
1. Retpoline enablement
BTIKernelRetpolineEnabled : False
BTIKernelImportOptimizationEnabled : False
You can enable them via Registry update or wait until a future Update (unknown when) does it for you.
2. There is a discussion whether L1DFlushSupported, should be True (mine is). Check if you have the latest available microcode revision. Check this post
Also, for me there was a line break after -force so .\CPU-info.ps1 was split to a second line and therefore wouldn't run. I had to append it to the first line, then it ran okay.
@ddelo, will try installing KB4465065 and then re-running the Powershell script.
Many thanks again for your continued excellent support and advice.
Edit: Turns out that was not true. It's supposed to be two separate commands, sorry for the misinformation.