Cumulative Update KB4482887 Windows 10 v1809 Build 17763.348 - March 1 Win Update

ddelo said:

As said before....you're in a great shape.
The only thing that you might want to do is to enable BTIKernelImportOptimizationEnabled, because according to Intel your CPU cannot use Retpoline.
To do that just make the two registry changes proposed in the Windows Kernel Internals blog post.

@ddelo

All done... Thanks again, I'll stop bugging you now. maybe.......

Code:

BTIHardwarePresent                  : True
BTIWindowsSupportPresent            : True
BTIWindowsSupportEnabled            : True
BTIDisabledBySystemPolicy           : False
BTIDisabledByNoHardwareSupport      : False
BTIKernelRetpolineEnabled           : False
BTIKernelImportOptimizationEnabled  : True
KVAShadowRequired                   : True
KVAShadowWindowsSupportPresent      : True
KVAShadowWindowsSupportEnabled      : True
KVAShadowPcidEnabled                : True
SSBDWindowsSupportPresent           : True
SSBDHardwareVulnerable              : True
SSBDHardwarePresent                 : True
SSBDWindowsSupportEnabledSystemWide : False
L1TFHardwareVulnerable              : True
L1TFWindowsSupportPresent           : True
L1TFWindowsSupportEnabled           : True
L1TFInvalidPteBit                   : 45
L1DFlushSupported                   : True

P.S. - reran WinSat and got my mem score back up to 35400 from 33550, and a 9.3 and 9.1

f14tomcat said:

@ddelo

All done... Thanks again, I'll stop bugging you now. maybe.......

Code:

BTIHardwarePresent                  : True
BTIWindowsSupportPresent            : True
BTIWindowsSupportEnabled            : True
BTIDisabledBySystemPolicy           : False
BTIDisabledByNoHardwareSupport      : False
BTIKernelRetpolineEnabled           : False
BTIKernelImportOptimizationEnabled  : True
KVAShadowRequired                   : True
KVAShadowWindowsSupportPresent      : True
KVAShadowWindowsSupportEnabled      : True
KVAShadowPcidEnabled                : True
SSBDWindowsSupportPresent           : True
SSBDHardwareVulnerable              : True
SSBDHardwarePresent                 : True
SSBDWindowsSupportEnabledSystemWide : False
L1TFHardwareVulnerable              : True
L1TFWindowsSupportPresent           : True
L1TFWindowsSupportEnabled           : True
L1TFInvalidPteBit                   : 45
L1DFlushSupported                   : True

P.S. - reran WinSat and got my mem score back up to 35400 from 33550, and a 9.3 and 9.1

It's never a bother Dick. I'm glad it worked for you.
Take care and don't give it a second thought if you need anything else.

AMDMan2016 said:

Theres my Spectre information, Think performance wise getting all I can I think or I hope and the latest patch didn't seem to slow down nothing on mine that I can tell at this point, unless I missed something in the following readout

Code:

[FONT="Open Sans",sans-serif,Arial,Tahoma,Calibri,Geneva,sans-serif]Speculation control settings for CVE-2017-5715 [branch target injection][/FONT]
[FONT="Open Sans",sans-serif,Arial,Tahoma,Calibri,Geneva,sans-serif]Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True[/FONT]
[FONT="Open Sans",sans-serif,Arial,Tahoma,Calibri,Geneva,sans-serif]Speculation control settings for CVE-2017-5754 [rogue data cache load][/FONT]
[FONT="Open Sans",sans-serif,Arial,Tahoma,Calibri,Geneva,sans-serif]Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security][/FONT]
[FONT="Open Sans",sans-serif,Arial,Tahoma,Calibri,Geneva,sans-serif]Speculation control settings for CVE-2018-3639 [speculative store bypass][/FONT]
[FONT="Open Sans",sans-serif,Arial,Tahoma,Calibri,Geneva,sans-serif]Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: False[/FONT]
[FONT="Open Sans",sans-serif,Arial,Tahoma,Calibri,Geneva,sans-serif]Speculation control settings for CVE-2018-3620 [L1 terminal fault][/FONT]
[FONT="Open Sans",sans-serif,Arial,Tahoma,Calibri,Geneva,sans-serif]Hardware is vulnerable to L1 terminal fault: True
Windows OS support for L1 terminal fault mitigation is present: True
Windows OS support for L1 terminal fault mitigation is enabled: True[/FONT]
[FONT="Open Sans",sans-serif,Arial,Tahoma,Calibri,Geneva,sans-serif]
BTIHardwarePresent                  : True
BTIWindowsSupportPresent            : True
BTIWindowsSupportEnabled            : True
BTIDisabledBySystemPolicy           : False
BTIDisabledByNoHardwareSupport      : False
BTIKernelRetpolineEnabled           : False
BTIKernelImportOptimizationEnabled  : False
KVAShadowRequired                   : True
KVAShadowWindowsSupportPresent      : True
KVAShadowWindowsSupportEnabled      : True
KVAShadowPcidEnabled                : True
SSBDWindowsSupportPresent           : True
SSBDHardwareVulnerable              : True
SSBDHardwarePresent                 : True
SSBDWindowsSupportEnabledSystemWide : False
L1TFHardwareVulnerable              : True
L1TFWindowsSupportPresent           : True
L1TFWindowsSupportEnabled           : True
L1TFInvalidPteBit                   : 45
L1DFlushSupported                   : True[/FONT]

It looks absolutely fine!
Maybe the only think missing, might be Retpoline mitigation.
If you wish take a look at this post and follow the instructions in the Microsoft Windows Kernel Internals blog post to enable Retpoline and you'll be great.

MUser said:

I switched the SATA driver to Microsoft "Standard SATA/AHCI Controller" instead of Intel SATA and it fixed a similar issue.

That's what I have and it's AMD Ryzen system.

I see on the prior coulple pages, running some scripts etc to give what seems like important information regarding vulnerabilities/performance. Im wondering how to check this, and more importantly, if you can assist in interpreting?

Part of the reason for my worry is that once I read through that thread, I saw it mentioned that if you had an "older" system, to check and see:

"In other words, we established that, if not on the latest CPU microcode via a BIOS/UEFI update (as the manufacturers don't provide such updates for older PCs - it's their way of saying, get a new one!!!), then apply KB4465065 (in v1809) to get the most recent mitigations to all known, until today, vulnerabilities. "

I went and checked and noticed I was on a build from 1803 in may! So I allowed it to download to 1809 just now. however, I dont see the update number mentioned above regarding microcode. Should I search it out manually and apply it?

Another question, I have no clue how my updates could have been so delayed? When I looked in "installed updates" in programs and features, and it showed me maybe 8 updates total installed- I got this laptop in December of 2016! I dont forbid it to download under metered connections, and I also use DoNot Spy10 but I dont use that to block updates....confused. I would appreciate any way you can help set me straight. Some of this windows stuff is egyptian to me

edit: got the script to run fine, here were the results. Seems in accordance with others? Dell laptop with intel i3 7200u CPU

Code:

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]

Speculation control settings for CVE-2018-3639 [speculative store bypass]

Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: False

Speculation control settings for CVE-2018-3620 [L1 terminal fault]

Hardware is vulnerable to L1 terminal fault: True
Windows OS support for L1 terminal fault mitigation is present: True
Windows OS support for L1 terminal fault mitigation is enabled: True


BTIHardwarePresent                  : True
BTIWindowsSupportPresent            : True
BTIWindowsSupportEnabled            : True
BTIDisabledBySystemPolicy           : False
BTIDisabledByNoHardwareSupport      : False
BTIKernelRetpolineEnabled           : False
BTIKernelImportOptimizationEnabled  : False
KVAShadowRequired                   : True
KVAShadowWindowsSupportPresent      : True
KVAShadowWindowsSupportEnabled      : True
KVAShadowPcidEnabled                : True
SSBDWindowsSupportPresent           : True
SSBDHardwareVulnerable              : True
SSBDHardwarePresent                 : True
SSBDWindowsSupportEnabledSystemWide : False
L1TFHardwareVulnerable              : True
L1TFWindowsSupportPresent           : True
L1TFWindowsSupportEnabled           : True
L1TFInvalidPteBit                   : 45
L1DFlushSupported                   : True

Should this show true?
Windows OS support for speculative store bypass disable is enabled system-wide: False