Cumulative Update KB4494441 Windows 10 v1809 Build 17763.503 - May 14 Win Update

Page 25 of 31 FirstFirst ... 152324252627 ... LastLast
  1.    #240

    Can anyone please advise me as to how I can plug the holes identified by these tools (my green highlights in the first screen capture)? Other than keeping Windows up to date with the latest cumulative updates, I applied the registry tweaks found in this article under the section called:

    "To enable mitigations for Microarchitectural Data Sampling (CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) along with Spectre (CVE-2017-5753 & CVE-2017-5715) and Meltdown (CVE-2017-5754) variants, including Speculative Store Bypass Disable (SSBD) (CVE-2018-3639) as well as L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646) with Hyper-Threading disabled"

    As I understand, MS has not released an update with the MDS firmware fix for v1809 yet, so that may explain that one being False, but it doesn't explain SSBD enabled system-wide being False.

    Any advice greatly appreciated!

    Click image for larger version. 

Name:	Powershell.png 
Views:	5 
Size:	119.4 KB 
ID:	234188Click image for larger version. 

Name:	MDSTool1.png 
Views:	1 
Size:	161.2 KB 
ID:	234189Click image for larger version. 

Name:	MDSTool2.png 
Views:	1 
Size:	46.7 KB 
ID:	234190
      My ComputerSystem Spec

  2.    #241

    HempOil said: View Post
    Can anyone please advise me as to how I can plug the holes identified by these tools (my green highlights in the first screen capture)? Other than keeping Windows up to date with the latest cumulative updates, I applied the registry tweaks found in this article under the section called:

    "To enable mitigations for Microarchitectural Data Sampling (CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) along with Spectre (CVE-2017-5753 & CVE-2017-5715) and Meltdown (CVE-2017-5754) variants, including Speculative Store Bypass Disable (SSBD) (CVE-2018-3639) as well as L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646) with Hyper-Threading disabled"

    As I understand, MS has not released an update with the MDS firmware fix for v1809 yet, so that may explain that one being False, but it doesn't explain SSBD enabled system-wide being False.

    Any advice greatly appreciated!

    Click image for larger version. 

Name:	Powershell.png 
Views:	5 
Size:	119.4 KB 
ID:	234188Click image for larger version. 

Name:	MDSTool1.png 
Views:	1 
Size:	161.2 KB 
ID:	234189Click image for larger version. 

Name:	MDSTool2.png 
Views:	1 
Size:	46.7 KB 
ID:	234190
    You and all people, if you want to enable all mitigations, runs CMD and admin and execute:

    Code:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
    
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    Reboot windows and return the results, leave these options

    About MDS mitigation, I guess we have to wait for the microcode update revision 14/05

    f14tomcat said: View Post
    Hyper threading? As in 4 cores, 8 logical processors? Yep.

    Attachment 234187

    I'm gonna put all my .reg back now, if we're done.
    I would use these settings until there are new updates, to get the most of my CPU

    Code:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
    
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    it will turn Windows OS support for speculative store bypass disable is enabled system-wide and SSBDWindowsSupportEnabledSystemWide will be changed to true
      My ComputerSystem Spec

  3.    #242

    Hi, sadly I also feel I need advice and guidance.


    Hello,

    Gigabyte is not offering any bios updates for my system. I am fully updated with build 17763.503. I've been following this thread and adding the regs as suggested and updated the spec module. Here is where I am at, any help would be greatly appreciated. Thanks

    Speculation control settings for CVE-2017-5715 [branch target injection]

    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False
    Windows OS support for branch target injection mitigation is disabled by system policy: False
    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: False [not required for security]

    Speculation control settings for CVE-2018-3639 [speculative store bypass]

    Hardware is vulnerable to speculative store bypass: True
    Hardware support for speculative store bypass disable is present: False
    Windows OS support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is enabled system-wide: False

    Speculation control settings for CVE-2018-3620 [L1 terminal fault]

    Hardware is vulnerable to L1 terminal fault: True
    Windows OS support for L1 terminal fault mitigation is present: True
    Windows OS support for L1 terminal fault mitigation is enabled: True

    Speculation control settings for MDS [microarchitectural data sampling]

    Windows OS support for MDS mitigation is present: True
    Hardware is vulnerable to MDS: True
    Windows OS support for MDS mitigation is enabled: False

    Suggested actions

    * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
    * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119


    BTIHardwarePresent : False
    BTIWindowsSupportPresent : True
    BTIWindowsSupportEnabled : False
    BTIDisabledBySystemPolicy : False
    BTIDisabledByNoHardwareSupport : True
    BTIKernelRetpolineEnabled : False
    BTIKernelImportOptimizationEnabled : False
    KVAShadowRequired : True
    KVAShadowWindowsSupportPresent : True
    KVAShadowWindowsSupportEnabled : True
    KVAShadowPcidEnabled : False
    SSBDWindowsSupportPresent : True
    SSBDHardwareVulnerable : True
    SSBDHardwarePresent : False
    SSBDWindowsSupportEnabledSystemWide : False
    L1TFHardwareVulnerable : True
    L1TFWindowsSupportPresent : True
    L1TFWindowsSupportEnabled : True
    L1TFInvalidPteBit : 45
    L1DFlushSupported : False
    MDSWindowsSupportPresent : True
    MDSHardwareVulnerable : True
    MDSWindowsSupportEnabled : False
      My ComputerSystem Spec

  4.    #243

    droidly said: View Post
    Hello,

    Gigabyte is not offering any bios updates for my system. I am fully updated with build 17763.503. I've been following this thread and adding the regs as suggested and updated the spec module. Here is where I am at, any help would be greatly appreciated. Thanks

    Speculation control settings for CVE-2017-5715 [branch target injection]

    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False
    Windows OS support for branch target injection mitigation is disabled by system policy: False
    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: False [not required for security]

    Speculation control settings for CVE-2018-3639 [speculative store bypass]

    Hardware is vulnerable to speculative store bypass: True
    Hardware support for speculative store bypass disable is present: False
    Windows OS support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is enabled system-wide: False

    Speculation control settings for CVE-2018-3620 [L1 terminal fault]

    Hardware is vulnerable to L1 terminal fault: True
    Windows OS support for L1 terminal fault mitigation is present: True
    Windows OS support for L1 terminal fault mitigation is enabled: True

    Speculation control settings for MDS [microarchitectural data sampling]

    Windows OS support for MDS mitigation is present: True
    Hardware is vulnerable to MDS: True
    Windows OS support for MDS mitigation is enabled: False

    Suggested actions

    * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
    * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119


    BTIHardwarePresent : False
    BTIWindowsSupportPresent : True
    BTIWindowsSupportEnabled : False
    BTIDisabledBySystemPolicy : False
    BTIDisabledByNoHardwareSupport : True
    BTIKernelRetpolineEnabled : False
    BTIKernelImportOptimizationEnabled : False
    KVAShadowRequired : True
    KVAShadowWindowsSupportPresent : True
    KVAShadowWindowsSupportEnabled : True
    KVAShadowPcidEnabled : False
    SSBDWindowsSupportPresent : True
    SSBDHardwareVulnerable : True
    SSBDHardwarePresent : False
    SSBDWindowsSupportEnabledSystemWide : False
    L1TFHardwareVulnerable : True
    L1TFWindowsSupportPresent : True
    L1TFWindowsSupportEnabled : True
    L1TFInvalidPteBit : 45
    L1DFlushSupported : False
    MDSWindowsSupportPresent : True
    MDSHardwareVulnerable : True
    MDSWindowsSupportEnabled : False
    Install the latest Microcode released for 1809 http://download.windowsupdate.com/c/...c27b3fc80f.msu

    Run CMD as admin and execute these commands

    Code:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
    
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    Reboot windows, and return the results
      My ComputerSystem Spec

  5.    #244

    Hi again,

    The msu file installed and rebooted. Added the 2 reg entries and rebooted just in case.

    The results look the same to me.

    Speculation control settings for CVE-2017-5715 [branch target injection]

    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False
    Windows OS support for branch target injection mitigation is disabled by system policy: False
    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: False [not required for security]

    Speculation control settings for CVE-2018-3639 [speculative store bypass]

    Hardware is vulnerable to speculative store bypass: True
    Hardware support for speculative store bypass disable is present: False
    Windows OS support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is enabled system-wide: False

    Speculation control settings for CVE-2018-3620 [L1 terminal fault]

    Hardware is vulnerable to L1 terminal fault: True
    Windows OS support for L1 terminal fault mitigation is present: True
    Windows OS support for L1 terminal fault mitigation is enabled: True

    Speculation control settings for MDS [microarchitectural data sampling]

    Windows OS support for MDS mitigation is present: True
    Hardware is vulnerable to MDS: True
    Windows OS support for MDS mitigation is enabled: False

    Suggested actions

    * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
    * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119


    BTIHardwarePresent : False
    BTIWindowsSupportPresent : True
    BTIWindowsSupportEnabled : False
    BTIDisabledBySystemPolicy : False
    BTIDisabledByNoHardwareSupport : True
    BTIKernelRetpolineEnabled : False
    BTIKernelImportOptimizationEnabled : False
    KVAShadowRequired : True
    KVAShadowWindowsSupportPresent : True
    KVAShadowWindowsSupportEnabled : True
    KVAShadowPcidEnabled : False
    SSBDWindowsSupportPresent : True
    SSBDHardwareVulnerable : True
    SSBDHardwarePresent : False
    SSBDWindowsSupportEnabledSystemWide : False
    L1TFHardwareVulnerable : True
    L1TFWindowsSupportPresent : True
    L1TFWindowsSupportEnabled : True
    L1TFInvalidPteBit : 45
    L1DFlushSupported : False
    MDSWindowsSupportPresent : True
    MDSHardwareVulnerable : True
    MDSWindowsSupportEnabled : False
      My ComputerSystem Spec

  6.   My ComputersSystem Spec

  7.   My ComputerSystem Spec


  8.    #247

    droidly said: View Post
    Hi again,

    The msu file installed and rebooted. Added the 2 reg entries and rebooted just in case.

    The results look the same to me.

    Speculation control settings for CVE-2017-5715 [branch target injection]

    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False
    Windows OS support for branch target injection mitigation is disabled by system policy: False
    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: False [not required for security]

    Speculation control settings for CVE-2018-3639 [speculative store bypass]

    Hardware is vulnerable to speculative store bypass: True
    Hardware support for speculative store bypass disable is present: False
    Windows OS support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is enabled system-wide: False

    Speculation control settings for CVE-2018-3620 [L1 terminal fault]

    Hardware is vulnerable to L1 terminal fault: True
    Windows OS support for L1 terminal fault mitigation is present: True
    Windows OS support for L1 terminal fault mitigation is enabled: True

    Speculation control settings for MDS [microarchitectural data sampling]

    Windows OS support for MDS mitigation is present: True
    Hardware is vulnerable to MDS: True
    Windows OS support for MDS mitigation is enabled: False

    Suggested actions

    * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
    * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119


    BTIHardwarePresent : False
    BTIWindowsSupportPresent : True
    BTIWindowsSupportEnabled : False
    BTIDisabledBySystemPolicy : False
    BTIDisabledByNoHardwareSupport : True
    BTIKernelRetpolineEnabled : False
    BTIKernelImportOptimizationEnabled : False
    KVAShadowRequired : True
    KVAShadowWindowsSupportPresent : True
    KVAShadowWindowsSupportEnabled : True
    KVAShadowPcidEnabled : False
    SSBDWindowsSupportPresent : True
    SSBDHardwareVulnerable : True
    SSBDHardwarePresent : False
    SSBDWindowsSupportEnabledSystemWide : False
    L1TFHardwareVulnerable : True
    L1TFWindowsSupportPresent : True
    L1TFWindowsSupportEnabled : True
    L1TFInvalidPteBit : 45
    L1DFlushSupported : False
    MDSWindowsSupportPresent : True
    MDSHardwareVulnerable : True
    MDSWindowsSupportEnabled : False
    It looks the same to me too , strange. One option should have been changed and it is Windows OS support for PCID performance optimization is enabled will be true

    Anyhow, can you please open windows registry, navigate to Dator\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management and return the values of these entire:
    FeatureSettingsOverride
    FeatureSettingsOverrideMask

    Would you please check the file mcupdate_GenuineIntel.dll in the system32 folder and say what version it has, it should be 10.0.17763.370

    I am watching a movie and getting notification, so no worries
      My ComputerSystem Spec

  9.    #248

    I have been following with great interest this segment of the thread about the mitigation against MDS attacks, namely RIDL & Fallout, specifically starting with the instructions given at @f14tomcat at post #202, on which I followed suit. I would like @JennyJ and/or @ddelo to tell me whether or not I am OK. Here are the results:

    First off, I started by installing the new version of the PS script (1.0.14). The screenshots are in two parts ( I know I could have copied them and put them in a code box):
    Part 1.
    Click image for larger version. 

Name:	Installation of new version of PS Script 1.0.14-Steps 3 First part.png 
Views:	2 
Size:	109.6 KB 
ID:	234210

    Par 2.

    Click image for larger version. 

Name:	Installation of new version of PS Script 1.0.14-Steps 3 Second part.png 
Views:	1 
Size:	51.9 KB 
ID:	234211

    The following is the screenshot after running:
    Code:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f


    Click image for larger version. 

Name:	Commands run to change SSBDWindowsSupportEnabledSystemWide to True.png 
Views:	1 
Size:	51.9 KB 
ID:	234212

    Final result which seems to have changed "SSBDWindowsSupportEnabledSystemWide" to "True"

    Code:
    Windows PowerShell
    Copyright (C) Microsoft Corporation. All rights reserved.
    PS C:\WINDOWS\system32> Install-Module -Name SpeculationControl
    PS C:\WINDOWS\system32> Get-SpeculationControlSettings
    For more information about the output below, please refer to https://support.microsoft.com/help/4074629
    Speculation control settings for CVE-2017-5715 [branch target injection]
    Hardware support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: True
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]
    Speculation control settings for CVE-2018-3639 [speculative store bypass]
    Hardware is vulnerable to speculative store bypass: True
    Hardware support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is enabled system-wide: True
    Speculation control settings for CVE-2018-3620 [L1 terminal fault]
    Hardware is vulnerable to L1 terminal fault: True
    Windows OS support for L1 terminal fault mitigation is present: True
    Windows OS support for L1 terminal fault mitigation is enabled: True
    Speculation control settings for MDS [microarchitectural data sampling]
    Windows OS support for MDS mitigation is present: True
    Hardware is vulnerable to MDS: True
    Windows OS support for MDS mitigation is enabled: False
    Suggested actions
     * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119
    
    BTIHardwarePresent                  : True
    BTIWindowsSupportPresent            : True
    BTIWindowsSupportEnabled            : True
    BTIDisabledBySystemPolicy           : False
    BTIDisabledByNoHardwareSupport      : False
    BTIKernelRetpolineEnabled           : True
    BTIKernelImportOptimizationEnabled  : True
    KVAShadowRequired                   : True
    KVAShadowWindowsSupportPresent      : True
    KVAShadowWindowsSupportEnabled      : True
    KVAShadowPcidEnabled                : True
    SSBDWindowsSupportPresent           : True
    SSBDHardwareVulnerable              : True
    SSBDHardwarePresent                 : True
    SSBDWindowsSupportEnabledSystemWide : True
    L1TFHardwareVulnerable              : True
    L1TFWindowsSupportPresent           : True
    L1TFWindowsSupportEnabled           : True
    L1TFInvalidPteBit                   : 45
    L1DFlushSupported                   : True
    MDSWindowsSupportPresent            : True
    MDSHardwareVulnerable               : True
    MDSWindowsSupportEnabled            : False
    
    PS C:\WINDOWS\system32>


    I supposed that I am Ok, but I want to make sure. @ddelo has helped me in the past and think that he could be of a helping hand again. Just let me say that for now I have not found any patch either from HP Support Page regarding a BIOS/UEFI update, nor a microcode update from Intel's latest Microcode Guidance Page (my CPUID: 306C3 is not on the list)






      My ComputersSystem Spec

  10.    #249

    IronZorg89 said: View Post
    I have been following with great interest this segment of the thread about the mitigation against MDS attacks, namely RIDL & Fallout, specifically starting with the instructions given at @f14tomcat at post #202, on which I followed suit. I would like @JennyJ and/or @ddelo to tell me whether or not I am OK. Here are the results:

    First off, I started by installing the new version of the PS script (1.0.14). The screenshots are in two parts ( I know I could have copied them and put them in a code box):
    Part 1.
    Click image for larger version. 

Name:	Installation of new version of PS Script 1.0.14-Steps 3 First part.png 
Views:	2 
Size:	109.6 KB 
ID:	234210

    Par 2.

    Click image for larger version. 

Name:	Installation of new version of PS Script 1.0.14-Steps 3 Second part.png 
Views:	1 
Size:	51.9 KB 
ID:	234211

    The following is the screenshot after running:
    Code:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f


    Click image for larger version. 

Name:	Commands run to change SSBDWindowsSupportEnabledSystemWide to True.png 
Views:	1 
Size:	51.9 KB 
ID:	234212

    Final result which seems to have changed "SSBDWindowsSupportEnabledSystemWide" to "True"

    Code:
    Windows PowerShell
    Copyright (C) Microsoft Corporation. All rights reserved.
    PS C:\WINDOWS\system32> Install-Module -Name SpeculationControl
    PS C:\WINDOWS\system32> Get-SpeculationControlSettings
    For more information about the output below, please refer to https://support.microsoft.com/help/4074629
    Speculation control settings for CVE-2017-5715 [branch target injection]
    Hardware support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: True
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]
    Speculation control settings for CVE-2018-3639 [speculative store bypass]
    Hardware is vulnerable to speculative store bypass: True
    Hardware support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is enabled system-wide: True
    Speculation control settings for CVE-2018-3620 [L1 terminal fault]
    Hardware is vulnerable to L1 terminal fault: True
    Windows OS support for L1 terminal fault mitigation is present: True
    Windows OS support for L1 terminal fault mitigation is enabled: True
    Speculation control settings for MDS [microarchitectural data sampling]
    Windows OS support for MDS mitigation is present: True
    Hardware is vulnerable to MDS: True
    Windows OS support for MDS mitigation is enabled: False
    Suggested actions
     * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119
    
    BTIHardwarePresent                  : True
    BTIWindowsSupportPresent            : True
    BTIWindowsSupportEnabled            : True
    BTIDisabledBySystemPolicy           : False
    BTIDisabledByNoHardwareSupport      : False
    BTIKernelRetpolineEnabled           : True
    BTIKernelImportOptimizationEnabled  : True
    KVAShadowRequired                   : True
    KVAShadowWindowsSupportPresent      : True
    KVAShadowWindowsSupportEnabled      : True
    KVAShadowPcidEnabled                : True
    SSBDWindowsSupportPresent           : True
    SSBDHardwareVulnerable              : True
    SSBDHardwarePresent                 : True
    SSBDWindowsSupportEnabledSystemWide : True
    L1TFHardwareVulnerable              : True
    L1TFWindowsSupportPresent           : True
    L1TFWindowsSupportEnabled           : True
    L1TFInvalidPteBit                   : 45
    L1DFlushSupported                   : True
    MDSWindowsSupportPresent            : True
    MDSHardwareVulnerable               : True
    MDSWindowsSupportEnabled            : False
    
    PS C:\WINDOWS\system32>


    I supposed that I am Ok, but I want to make sure. @ddelo has helped me in the past and think that he could be of a helping hand again. Just let me say that for now I have not found any patch either from HP Support Page regarding a BIOS/UEFI update, nor a microcode update from Intel's latest Microcode Guidance Page (my CPUID: 306C3 is not on the list)






    You are good to go, all mitigations values are enabled. Nothing more need to be done.

    You have to wait for the new Microcode for 1809 to be released. Until then nothing more can be done
      My ComputerSystem Spec


 
Page 25 of 31 FirstFirst ... 152324252627 ... LastLast

Related Threads
UPDATE 5/14: Cumulative Update KB4494441 Windows 10 v1809 Build 17763.503 - May 14 Source: https://support.microsoft.com/en-us/help/4495667 Direct download links for KB4495667 MSU file from Microsoft Update Catalog:
UPDATE 4/2: Cumulative Update KB4490481 Windows 10 v1809 Build 17763.404 - April 2 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4489899/windows-10-update-kb4489899 Direct download links for...
UPDATE 1/8: Cumulative Update KB4480116 Windows 10 v1809 Build 17763.253 - Jan. 8 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4483235 Direct download links for KB4483235 MSU file from Microsoft...
UPDATE 3/1: Cumulative Update KB4482887 Windows 10 v1809 Build 17763.316 - March 1 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4487044/windows-10-update-kb4487044 Direct download links for...
UPDATE 2/12: Cumulative Update KB4487044 Windows 10 v1809 Build 17763.316 - Feb. 12 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4476976 Direct download links for KB4476976 MSU file from...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 02:17.
Find Us