Cumulative Update KB4482887 Windows 10 v1809 Build 17763.348 - March 1 Win Update

Page 25 of 34 FirstFirst ... 152324252627 ... LastLast

  1. f14tomcat
    Posts : 56,830
    Multi-boot Windows 10/11 - RTM, RP, Beta, and Insider
       New #240

    ddelo said:
    Dick, this is what you need
    https://support.microsoft.com/en-us/...ngs-powershell


    And here is how to install it.
    Cumulative Update KB4482887 Windows 10 v1809 Build 17763.348 - March 1 Windows Update - Page 14 - Windows 10 Forums
    And I get this.

    Code:
    Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]

Speculation control settings for CVE-2018-3639 [speculative store bypass]

Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: False

Speculation control settings for CVE-2018-3620 [L1 terminal fault]

Hardware is vulnerable to L1 terminal fault: True
Windows OS support for L1 terminal fault mitigation is present: True
Windows OS support for L1 terminal fault mitigation is enabled: True


BTIHardwarePresent                  : True
BTIWindowsSupportPresent            : True
BTIWindowsSupportEnabled            : True
BTIDisabledBySystemPolicy           : False
BTIDisabledByNoHardwareSupport      : False
BTIKernelRetpolineEnabled           : False
BTIKernelImportOptimizationEnabled  : False
KVAShadowRequired                   : True
KVAShadowWindowsSupportPresent      : True
KVAShadowWindowsSupportEnabled      : True
KVAShadowPcidEnabled                : True
SSBDWindowsSupportPresent           : True
SSBDHardwareVulnerable              : True
SSBDHardwarePresent                 : True
SSBDWindowsSupportEnabledSystemWide : False
L1TFHardwareVulnerable              : True
L1TFWindowsSupportPresent           : True
L1TFWindowsSupportEnabled           : True
L1TFInvalidPteBit                   : 45
L1DFlushSupported                   : True
    Gonna call it quits for the night before I break something. Let me know if this output is good or bad.....
      My Computers
    Quote Quote

  3. ddelo
    Posts : 2,450
    Windows 10 Pro x64
       New #241

    f14tomcat said:
    And I get this.

    Code:
    Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]

Speculation control settings for CVE-2018-3639 [speculative store bypass]

Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: False

Speculation control settings for CVE-2018-3620 [L1 terminal fault]

Hardware is vulnerable to L1 terminal fault: True
Windows OS support for L1 terminal fault mitigation is present: True
Windows OS support for L1 terminal fault mitigation is enabled: True


BTIHardwarePresent                  : True
BTIWindowsSupportPresent            : True
BTIWindowsSupportEnabled            : True
BTIDisabledBySystemPolicy           : False
BTIDisabledByNoHardwareSupport      : False
BTIKernelRetpolineEnabled           : False
BTIKernelImportOptimizationEnabled  : False
KVAShadowRequired                   : True
KVAShadowWindowsSupportPresent      : True
KVAShadowWindowsSupportEnabled      : True
KVAShadowPcidEnabled                : True
SSBDWindowsSupportPresent           : True
SSBDHardwareVulnerable              : True
SSBDHardwarePresent                 : True
SSBDWindowsSupportEnabledSystemWide : False
L1TFHardwareVulnerable              : True
L1TFWindowsSupportPresent           : True
L1TFWindowsSupportEnabled           : True
L1TFInvalidPteBit                   : 45
L1DFlushSupported                   : True
    As said before....you're in a great shape.
    The only thing that you might want to do is to enable BTIKernelImportOptimizationEnabled, because according to Intel your CPU cannot use Retpoline.
    To do that just make the two registry changes proposed in the Windows Kernel Internals blog post.
      My Computer
    Quote Quote

  4. IronZorg89
    Posts : 2,557
    Windows 10 pro x64-bit
       New #242

    ddelo said:
    Thanks a lot. Your output makes perfect sense to me.
    You see IronZorg89, did the exact same thing with you, i.e applied KB4465065 and his first entry went to revision 0x25. But for a very strange reason, the second entry (the UEFI one) got up to 0x25 too. Which is insane, as KB4465065 does not touch BIOS/UEFI.
    So I'm trying to figure out what the problem is. Is it the script or KB4465065 messed up something?
    That's why I asked for your output.
    Anyway, thanks again.
    Now, I clearly understand what the problem is with regard to my output. The second entry (UEFI) is where the problem lies. As to the reason, this is completely over my head, but I just ran sfc /scannow and it found some integrity violations and repaired them all. Also ran "Dism.exe /online /Cleanup-Image /restorehealth" and the restore operation completed successfully.

    I understand that probably won't have any positive impact on my output for the UEFI which is at the CPU level. The real question is why all other users who did the same thing by running KB4465065 don't show this issue . Uninstalling the KB won't serve any purpose because I would be back with L1DFlusSupported to a value of "False", meaning back to square one. What a drag!
      My Computers
    Quote Quote

  5. khanmein
    Posts : 297
    Windows 10 Pro x64
       New #243

    @IronZorg89 L1DFlushSupported : True (MCU Rev. 0x25) & L1DFlushSupported : False (MCU Rev. 0x24)

    Reference; Here


    @boombastik Correct me if I'm wrong.
      My Computer
    Quote Quote

  7. Diceman2037
    Posts : 100
    Mixed
       New #244

    ddelo said:
    OK Rich...some insight on your output.
    According to intel's latest information for your CPU, you must have revision 0x25. You have 0x12, since 2013. Meaning that you have to go to the support page of Lenovo and get the latest one they have available. From a quick search I did, Lenovo does not provide any BIOS update on their site for the IdeaCentre K450 10120 Desktop. Unless I made a mistake, as I've never been a Lenovo customer and don't know my way around their Support pages, you're out of luck from the Manufacturer. But you can always search for yourself and see if there is a newer one.

    Since your UEFI is out-of-date, at a point of time Microsoft installed an update and thus, at startup, it loads a newer microcode revision 0x24.
    Since you're on v1809, you need to update your microcode to the latest 0x25, by installing KB4465065, which according to Microsoft will bring your microcode revision to 0x25 and provide the most recent mitigations to all known, until today, vulnerabilities.
    Get it from Microsoft Update Catalog and install it.
    After installing it, run the Powershell script again, to verify the results.

    If you need anything else, please don't hesitate to ask.
    Tah, i have a 2450M in a toshiba aio that was on 2Dh, updated it to 2e now.
      My Computer
    Quote Quote

  8. ddelo
    Posts : 2,450
    Windows 10 Pro x64
       New #245

    Diceman2037 said:
    Tah, i have a 2450M in a toshiba aio that was on 2Dh, updated it to 2e now.
    Great!
      My Computer
    Quote Quote

  9. ddelo
    Posts : 2,450
    Windows 10 Pro x64
       New #246

    khanmein said:
    @IronZorg89 L1DFlushSupported : True (MCU Rev. 0x25) & L1DFlushSupported : False (MCU Rev. 0x24)

    Reference; Here


    @boombastik Correct me if I'm wrong.
    You're absolutely correct.
    Tested twice yesterday, by two of our fellow members and that was the outcome.
    And @boombastik, did confirm it.

    In other words, we established that, if not on the latest CPU microcode via a BIOS/UEFI update (as the manufacturers don't provide such updates for older PCs - it's their way of saying, get a new one!!!), then apply KB4465065 (in v1809) to get the most recent mitigations to all known, until today, vulnerabilities.
      My Computer
    Quote Quote

  10. Diceman2037
    Posts : 100
    Mixed
       New #247

    ddelo said:
    to get the most recent mitigations to all known, until today, vulnerabilities.
    Except spoiler
      My Computer
    Quote Quote

  11. ddelo
    Posts : 2,450
    Windows 10 Pro x64
       New #248

    Diceman2037 said:
    Except spoiler
    Sorry, i didn't get it. Which spoiler?
      My Computer
    Quote Quote

  13. stormy13
    Posts : 347
    Windows 10 Pro
       New #249

    ddelo said:
    Sorry, i didn't get it. Which spoiler?
    SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability • The Register

    All Intel chips open to new Spoiler non-Spectre attack - Windows 10 Forums
    Last edited by Brink; 10 Mar 2019 at 09:56. Reason: added link for more info
      My Computer
    Quote Quote

 

  Related Discussions
Source: https://support.microsoft.com/en-us/help/4554354 See also: https://docs.microsoft.com/en-us/windows/release-information/windows-message-center#407 Direct download links for KB4554354 MSU file from Microsoft Update Catalog: fas...
Source: https://support.microsoft.com/en-us/help/4541331 Direct download links for KB4541331 MSU file from Microsoft Update Catalog: fas fa-download Download KB4541331 MSU for Windows 10 v1809 32-bit (x86) - 156.9 MB fas fa-download...
UPDATE 3/17: KB4541331 Cumulative Update Windows 10 v1809 Build 17763.1131 March 17 Source: https://support.microsoft.com/en-us/help/4538461 Direct download links for KB4538461 MSU file from Microsoft Update Catalog:
UPDATE 11/13: Cumulative Update KB4464455 Windows 10 v1809 Build 17763.107 - Nov. 13 - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4464330/windows-10-update-kb4464330 Direct download links for KB4464330 MSU...
New Cumulative Update KB4482887 released via Windows Update to Windows 10 version 1809 build 17763.346 for Windows Insiders in the Release Preview ring. Direct download links for KB4482887 CAB file from Microsoft Update Catalog: :tip: How to...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 06:48.
Find Us




Windows 10 Forums