Cumulative Update KB4482887 Windows 10 v1809 Build 17763.348 - March 1 Win Update

Page 25 of 34 FirstFirst ... 152324252627 ... LastLast
  1. f14tomcat's Avatar
    Posts : 40,476
    Triple boot - Win 10 Pro, Win 10 Pro Insider (2) - (and a sprinkling of VMs)
       #240

    And I get this.

    Code:
    Speculation control settings for CVE-2017-5715 [branch target injection]
    
    Hardware support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: True
    
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]
    
    Speculation control settings for CVE-2018-3639 [speculative store bypass]
    
    Hardware is vulnerable to speculative store bypass: True
    Hardware support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is enabled system-wide: False
    
    Speculation control settings for CVE-2018-3620 [L1 terminal fault]
    
    Hardware is vulnerable to L1 terminal fault: True
    Windows OS support for L1 terminal fault mitigation is present: True
    Windows OS support for L1 terminal fault mitigation is enabled: True
    
    
    BTIHardwarePresent                  : True
    BTIWindowsSupportPresent            : True
    BTIWindowsSupportEnabled            : True
    BTIDisabledBySystemPolicy           : False
    BTIDisabledByNoHardwareSupport      : False
    BTIKernelRetpolineEnabled           : False
    BTIKernelImportOptimizationEnabled  : False
    KVAShadowRequired                   : True
    KVAShadowWindowsSupportPresent      : True
    KVAShadowWindowsSupportEnabled      : True
    KVAShadowPcidEnabled                : True
    SSBDWindowsSupportPresent           : True
    SSBDHardwareVulnerable              : True
    SSBDHardwarePresent                 : True
    SSBDWindowsSupportEnabledSystemWide : False
    L1TFHardwareVulnerable              : True
    L1TFWindowsSupportPresent           : True
    L1TFWindowsSupportEnabled           : True
    L1TFInvalidPteBit                   : 45
    L1DFlushSupported                   : True
    Gonna call it quits for the night before I break something. Let me know if this output is good or bad.....
      My ComputersSystem Spec

  2.    #241

    f14tomcat said: View Post
    And I get this.

    Code:
    Speculation control settings for CVE-2017-5715 [branch target injection]
    
    Hardware support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: True
    
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]
    
    Speculation control settings for CVE-2018-3639 [speculative store bypass]
    
    Hardware is vulnerable to speculative store bypass: True
    Hardware support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is enabled system-wide: False
    
    Speculation control settings for CVE-2018-3620 [L1 terminal fault]
    
    Hardware is vulnerable to L1 terminal fault: True
    Windows OS support for L1 terminal fault mitigation is present: True
    Windows OS support for L1 terminal fault mitigation is enabled: True
    
    
    BTIHardwarePresent                  : True
    BTIWindowsSupportPresent            : True
    BTIWindowsSupportEnabled            : True
    BTIDisabledBySystemPolicy           : False
    BTIDisabledByNoHardwareSupport      : False
    BTIKernelRetpolineEnabled           : False
    BTIKernelImportOptimizationEnabled  : False
    KVAShadowRequired                   : True
    KVAShadowWindowsSupportPresent      : True
    KVAShadowWindowsSupportEnabled      : True
    KVAShadowPcidEnabled                : True
    SSBDWindowsSupportPresent           : True
    SSBDHardwareVulnerable              : True
    SSBDHardwarePresent                 : True
    SSBDWindowsSupportEnabledSystemWide : False
    L1TFHardwareVulnerable              : True
    L1TFWindowsSupportPresent           : True
    L1TFWindowsSupportEnabled           : True
    L1TFInvalidPteBit                   : 45
    L1DFlushSupported                   : True
    As said before....you're in a great shape.
    The only thing that you might want to do is to enable BTIKernelImportOptimizationEnabled, because according to Intel your CPU cannot use Retpoline.
    To do that just make the two registry changes proposed in the Windows Kernel Internals blog post.
      My ComputerSystem Spec

  3.    #242

    ddelo said: View Post
    Thanks a lot. Your output makes perfect sense to me.
    You see IronZorg89, did the exact same thing with you, i.e applied KB4465065 and his first entry went to revision 0x25. But for a very strange reason, the second entry (the UEFI one) got up to 0x25 too. Which is insane, as KB4465065 does not touch BIOS/UEFI.
    So I'm trying to figure out what the problem is. Is it the script or KB4465065 messed up something?
    That's why I asked for your output.
    Anyway, thanks again.
    Now, I clearly understand what the problem is with regard to my output. The second entry (UEFI) is where the problem lies. As to the reason, this is completely over my head, but I just ran sfc /scannow and it found some integrity violations and repaired them all. Also ran "Dism.exe /online /Cleanup-Image /restorehealth" and the restore operation completed successfully.

    I understand that probably won't have any positive impact on my output for the UEFI which is at the CPU level. The real question is why all other users who did the same thing by running KB4465065 don't show this issue . Uninstalling the KB won't serve any purpose because I would be back with L1DFlusSupported to a value of "False", meaning back to square one. What a drag!
      My ComputerSystem Spec

  4.    #243

    @IronZorg89 L1DFlushSupported : True (MCU Rev. 0x25) & L1DFlushSupported : False (MCU Rev. 0x24)

    Reference; Here


    @boombastik Correct me if I'm wrong.
      My ComputerSystem Spec

  5.    #244

    ddelo said: View Post
    OK Rich...some insight on your output.
    According to intel's latest information for your CPU, you must have revision 0x25. You have 0x12, since 2013. Meaning that you have to go to the support page of Lenovo and get the latest one they have available. From a quick search I did, Lenovo does not provide any BIOS update on their site for the IdeaCentre K450 10120 Desktop. Unless I made a mistake, as I've never been a Lenovo customer and don't know my way around their Support pages, you're out of luck from the Manufacturer. But you can always search for yourself and see if there is a newer one.

    Since your UEFI is out-of-date, at a point of time Microsoft installed an update and thus, at startup, it loads a newer microcode revision 0x24.
    Since you're on v1809, you need to update your microcode to the latest 0x25, by installing KB4465065, which according to Microsoft will bring your microcode revision to 0x25 and provide the most recent mitigations to all known, until today, vulnerabilities.
    Get it from Microsoft Update Catalog and install it.
    After installing it, run the Powershell script again, to verify the results.

    If you need anything else, please don't hesitate to ask.
    Tah, i have a 2450M in a toshiba aio that was on 2Dh, updated it to 2e now.
      My ComputerSystem Spec

  6.    #245

    Diceman2037 said: View Post
    Tah, i have a 2450M in a toshiba aio that was on 2Dh, updated it to 2e now.
    Great!
      My ComputerSystem Spec

  7.    #246

    khanmein said: View Post
    @IronZorg89 L1DFlushSupported : True (MCU Rev. 0x25) & L1DFlushSupported : False (MCU Rev. 0x24)

    Reference; Here


    @boombastik Correct me if I'm wrong.
    You're absolutely correct.
    Tested twice yesterday, by two of our fellow members and that was the outcome.
    And @boombastik, did confirm it.

    In other words, we established that, if not on the latest CPU microcode via a BIOS/UEFI update (as the manufacturers don't provide such updates for older PCs - it's their way of saying, get a new one!!!), then apply KB4465065 (in v1809) to get the most recent mitigations to all known, until today, vulnerabilities.
      My ComputerSystem Spec

  8.    #247

    ddelo said: View Post
    to get the most recent mitigations to all known, until today, vulnerabilities.
    Except spoiler
      My ComputerSystem Spec

  9.    #248

    Diceman2037 said: View Post
    Except spoiler
    Sorry, i didn't get it. Which spoiler?
      My ComputerSystem Spec

  10.    #249
    Last edited by Brink; 10 Mar 2019 at 09:56. Reason: added link for more info
      My ComputerSystem Spec


 
Page 25 of 34 FirstFirst ... 152324252627 ... LastLast

Related Threads
UPDATE 1/8: Cumulative Update KB4480116 Windows 10 v1809 Build 17763.253 - Jan. 8 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4483235 Direct download links for KB4483235 MSU file from Microsoft...
UPDATE 3/1: Cumulative Update KB4482887 Windows 10 v1809 Build 17763.316 - March 1 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4487044/windows-10-update-kb4487044 Direct download links for...
New Cumulative Update KB4482887 released via Windows Update to Windows 10 version 1809 build 17763.346 for Windows Insiders in the Release Preview ring. Direct download links for KB4482887 CAB file from Microsoft Update Catalog: :tip: How to...
UDPATE 1/22: Cumulative Update KB4476976 Windows 10 v1809 Build 17763.292 - Jan. 22 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4480116/windows-10-update-kb4480116 :tip: Windows 10 build 17763.253...
UPDATE 12/11: Cumulative Update KB4471332 Windows 10 v1809 Build 17763.194 - Dec. 11 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4469342 Direct download links for KB4469342 MSU file from...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:54.
Find Us