Cumulative Update KB4494441 Windows 10 v1809 Build 17763.503 - May 14 Win Update

Page 26 of 31 FirstFirst ... 162425262728 ... LastLast
  1.    #250

    JenyJ said: View Post
    You are good to go, all mitigations values are enabled. Nothing more need to be done.

    You have to wait for the new Microcode for 1809 to be released. Until then nothing more can be done
    Thanks a lot!
      My ComputersSystem Spec

  2.    #251

    Hi Jenyj,

    Thanks for your help.

    FeatureSettingsOverride REG_DWORD 0x00000048 (72)
    FeatureSettingsOverrideMask REG_DWORD 0x00000003 (3)

    Click image for larger version. 

Name:	2019-05-18 (2).png 
Views:	55 
Size:	30.8 KB 
ID:	234214

    What movie? I am watching PGA golf. Sorry it took me so long to return.

    Thanks again, Andre
      My ComputerSystem Spec

  3.    #252

    Hi! I have Win10 1803 and i installed the last cumulative update from may 14th but when i run powershell to check the vulnerabilities, they are set to false (Windows OS support for MDS mitigation is enabled and MDSWindowsSupportEnabled). Is there something i can do? Please explain me as a noob, haha. Thanks!!!
      My ComputerSystem Spec

  4.    #253

    droidly said: View Post
    Hi Jenyj,

    Thanks for your help.

    FeatureSettingsOverride REG_DWORD 0x00000048 (72)
    FeatureSettingsOverrideMask REG_DWORD 0x00000003 (3)

    Click image for larger version. 

Name:	2019-05-18 (2).png 
Views:	55 
Size:	30.8 KB 
ID:	234214

    What movie? I am watching PGA golf. Sorry it took me so long to return.

    Thanks again, Andre
    The thing is you have an old CPU doesn't support most of the mitigations.

    But according to SpeculationControl your CPU supports "Rogue Data Cache Load" (meltdown) mitigation. That is wired, the 72 value should cover it.

    Try these commands, and you should restart.

    Code:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f
    
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    Anyway, you have to wait for the new microcode to be released, so the 72 value is useless for now,

    can you return please,

    And I am watching a documentary about black holes, yet not much about black holes so far ,

    - - - Updated - - -

    Leoplate25 said: View Post
    Hi! I have Win10 1803 and i installed the last cumulative update from may 14th but when i run powershell to check the vulnerabilities, they are set to false (Windows OS support for MDS mitigation is enabled and MDSWindowsSupportEnabled). Is there something i can do? Please explain me as a noob, haha. Thanks!!!
    I am assuming you have to wait for the new Microcode to be released for 1809, it should support MDS mitigation,

    We all have it false, not just you,
      My ComputerSystem Spec

  5.    #254

    JenyJ said: View Post
    I am assuming you have to wait for the new Microcode to be released for 1809, it should support MDS mitigation,

    We all have it false, not just you,
    Hi, i merge the registry keys that were provided here in the forum and now "Windows OS support for branch target injection mitigation is enabled" is set to True.

    Another question, i have these two entries in false; what can i do?

    Speculation control settings for CVE-2018-3620 [L1 terminal fault]

    Hardware is vulnerable to L1 terminal fault: False

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: False

    I see others in this thread have it enabled. Can you guide me? Thanks!
      My ComputerSystem Spec

  6.    #255

    IronZorg89 said: View Post
    I have been following with great interest this segment of the thread about the mitigation against MDS attacks, namely RIDL & Fallout, specifically starting with the instructions given at @f14tomcat at post #202, on which I followed suit. I would like @JennyJ and/or @ddelo to tell me whether or not I am OK. Here are the results:

    First off, I started by installing the new version of the PS script (1.0.14). The screenshots are in two parts ( I know I could have copied them and put them in a code box):
    Part 1.
    Attachment 234210

    Par 2.

    Attachment 234211

    The following is the screenshot after running:
    Code:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f


    Attachment 234212

    Final result which seems to have changed "SSBDWindowsSupportEnabledSystemWide" to "True"

    Code:
    Windows PowerShell
    Copyright (C) Microsoft Corporation. All rights reserved.
    PS C:\WINDOWS\system32> Install-Module -Name SpeculationControl
    PS C:\WINDOWS\system32> Get-SpeculationControlSettings
    For more information about the output below, please refer to https://support.microsoft.com/help/4074629
    Speculation control settings for CVE-2017-5715 [branch target injection]
    Hardware support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: True
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]
    Speculation control settings for CVE-2018-3639 [speculative store bypass]
    Hardware is vulnerable to speculative store bypass: True
    Hardware support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is enabled system-wide: True
    Speculation control settings for CVE-2018-3620 [L1 terminal fault]
    Hardware is vulnerable to L1 terminal fault: True
    Windows OS support for L1 terminal fault mitigation is present: True
    Windows OS support for L1 terminal fault mitigation is enabled: True
    Speculation control settings for MDS [microarchitectural data sampling]
    Windows OS support for MDS mitigation is present: True
    Hardware is vulnerable to MDS: True
    Windows OS support for MDS mitigation is enabled: False
    Suggested actions
     * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119
    
    BTIHardwarePresent                  : True
    BTIWindowsSupportPresent            : True
    BTIWindowsSupportEnabled            : True
    BTIDisabledBySystemPolicy           : False
    BTIDisabledByNoHardwareSupport      : False
    BTIKernelRetpolineEnabled           : True
    BTIKernelImportOptimizationEnabled  : True
    KVAShadowRequired                   : True
    KVAShadowWindowsSupportPresent      : True
    KVAShadowWindowsSupportEnabled      : True
    KVAShadowPcidEnabled                : True
    SSBDWindowsSupportPresent           : True
    SSBDHardwareVulnerable              : True
    SSBDHardwarePresent                 : True
    SSBDWindowsSupportEnabledSystemWide : True
    L1TFHardwareVulnerable              : True
    L1TFWindowsSupportPresent           : True
    L1TFWindowsSupportEnabled           : True
    L1TFInvalidPteBit                   : 45
    L1DFlushSupported                   : True
    MDSWindowsSupportPresent            : True
    MDSHardwareVulnerable               : True
    MDSWindowsSupportEnabled            : False
    
    PS C:\WINDOWS\system32>


    I supposed that I am Ok, but I want to make sure. @ddelo has helped me in the past and think that he could be of a helping hand again. Just let me say that for now I have not found any patch either from HP Support Page regarding a BIOS/UEFI update, nor a microcode update from Intel's latest Microcode Guidance Page (my CPUID: 306C3 is not on the list)






    Hey mate!
    Everything seems OK...so now to mitigate the MDS vulnerabilities you wait for a BIOS/UEFI update, to version 0x27, according to intel, (you're currently on 0x25) or if the hp guys decide that you have an old CPU and they will not bother (sic), you like everybody else wait for a microcode update from Microsoft. As a regular in TenForums you're well aware that our guardian angel @Brink will inform us on time!
      My ComputerSystem Spec

  7.    #256

    Here's mine:

    Speculation control settings for CVE-2017-5715 [branch target injection]

    Hardware support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: True

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: False

    Speculation control settings for CVE-2018-3639 [speculative store bypass]

    Hardware is vulnerable to speculative store bypass: True
    Hardware support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is enabled system-wide: True

    Speculation control settings for CVE-2018-3620 [L1 terminal fault]

    Hardware is vulnerable to L1 terminal fault: False

    Speculation control settings for MDS [microarchitectural data sampling]

    Windows OS support for MDS mitigation is present: True
    Hardware is vulnerable to MDS: True
    Windows OS support for MDS mitigation is enabled: False

    Suggested actions

    * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119


    BTIHardwarePresent : True
    BTIWindowsSupportPresent : True
    BTIWindowsSupportEnabled : True
    BTIDisabledBySystemPolicy : False
    BTIDisabledByNoHardwareSupport : False
    BTIKernelRetpolineEnabled : False
    BTIKernelImportOptimizationEnabled : False
    KVAShadowRequired : False
    KVAShadowWindowsSupportPresent : True
    KVAShadowWindowsSupportEnabled : False
    KVAShadowPcidEnabled : False
    SSBDWindowsSupportPresent : True
    SSBDHardwareVulnerable : True
    SSBDHardwarePresent : True
    SSBDWindowsSupportEnabledSystemWide : True
    L1TFHardwareVulnerable : False
    L1TFWindowsSupportPresent : True
    L1TFWindowsSupportEnabled : False
    L1TFInvalidPteBit : 0
    L1DFlushSupported : True
    MDSWindowsSupportPresent : True
    MDSHardwareVulnerable : True
    MDSWindowsSupportEnabled : False

    I must wait for a microcode to have the last two ''fixed''; don't i?
      My ComputerSystem Spec


  8.    #257

    ddelo said: View Post
    Hey mate!
    Everything seems OK...so now to mitigate the MDS vulnerabilities you wait for a BIOS/UEFI update, to version 0x27, according to intel, (you're currently on 0x25) or if the hp guys decide that you have an old CPU and they will not bother (sic), you like everybody else wait for a microcode update from Microsoft. As a regular in TenForums you're well aware that our guardian angel @Brink will inform us on time!
    Thanks mate!. As you can tell from the Specs in my account profile my PC is not that old (bought in July 2015), and the guys at HP better not consider it as an old one. BTW, the next time I will probable buy a new PC is when that new chip called MORPHEUS is out.

    That is a fact that @Brink is our guardian angel. No one can argue about that. Cheers!

    Edit: If you have not read about MORPHEUS yet, here is the link. I found that article really interesting.
    MORPHEUS
      My ComputersSystem Spec

  9.    #258

    Leoplate25 said: View Post
    Hi, i merge the registry keys that were provided here in the forum and now "Windows OS support for branch target injection mitigation is enabled" is set to True.

    Another question, i have these two entries in false; what can i do?

    Speculation control settings for CVE-2018-3620 [L1 terminal fault]

    Hardware is vulnerable to L1 terminal fault: False

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: False

    I see others in this thread have it enabled. Can you guide me? Thanks!

    When Hardware is false that means that nothing needed to be done, not exposed to vulnerabilities, no need to security patches, hence no need to mitigation.

    Nothing to worry about


    Check this for more info https://support.microsoft.com/en-in/...ngs-powershell
    Last edited by JenyJ; 18 May 2019 at 16:11.
      My ComputerSystem Spec

  10.    #259

    JenyJ said: View Post
    The thing is you have an old CPU doesn't support most of the mitigations.

    But according to SpeculationControl your CPU supports "Rogue Data Cache Load" (meltdown) mitigation. That is wired, the 72 value should cover it.

    Try these commands, and you should restart.

    Code:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f
    
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    Anyway, you have to wait for the new microcode to be released, so the 72 value is useless for now,

    can you return please,

    And I am watching a documentary about black holes, yet not much about black holes so far ,

    - - - Updated - - -



    I am assuming you have to wait for the new Microcode to be released for 1809, it should support MDS mitigation,

    We all have it false, not just you,
    Speculation control settings for CVE-2017-5715 [branch target injection]

    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False
    Windows OS support for branch target injection mitigation is disabled by system policy: False
    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: False [not required for security]

    Speculation control settings for CVE-2018-3639 [speculative store bypass]

    Hardware is vulnerable to speculative store bypass: True
    Hardware support for speculative store bypass disable is present: False
    Windows OS support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is enabled system-wide: False

    Speculation control settings for CVE-2018-3620 [L1 terminal fault]

    Hardware is vulnerable to L1 terminal fault: True
    Windows OS support for L1 terminal fault mitigation is present: True
    Windows OS support for L1 terminal fault mitigation is enabled: True

    Speculation control settings for MDS [microarchitectural data sampling]

    Windows OS support for MDS mitigation is present: True
    Hardware is vulnerable to MDS: True
    Windows OS support for MDS mitigation is enabled: False

    Suggested actions

    * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
    * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119


    BTIHardwarePresent : False
    BTIWindowsSupportPresent : True
    BTIWindowsSupportEnabled : False
    BTIDisabledBySystemPolicy : False
    BTIDisabledByNoHardwareSupport : True
    BTIKernelRetpolineEnabled : False
    BTIKernelImportOptimizationEnabled : False
    KVAShadowRequired : True
    KVAShadowWindowsSupportPresent : True
    KVAShadowWindowsSupportEnabled : True
    KVAShadowPcidEnabled : False
    SSBDWindowsSupportPresent : True
    SSBDHardwareVulnerable : True
    SSBDHardwarePresent : False
    SSBDWindowsSupportEnabledSystemWide : False
    L1TFHardwareVulnerable : True
    L1TFWindowsSupportPresent : True
    L1TFWindowsSupportEnabled : True
    L1TFInvalidPteBit : 45
    L1DFlushSupported : False
    MDSWindowsSupportPresent : True
    MDSHardwareVulnerable : True
    MDSWindowsSupportEnabled : False

    Hello again, what do you think now? Hope you are enjoying your black holes program and thanks for all your help and patience.
      My ComputerSystem Spec


 
Page 26 of 31 FirstFirst ... 162425262728 ... LastLast

Related Threads
UPDATE 5/14: Cumulative Update KB4494441 Windows 10 v1809 Build 17763.503 - May 14 Source: https://support.microsoft.com/en-us/help/4495667 Direct download links for KB4495667 MSU file from Microsoft Update Catalog:
UPDATE 4/2: Cumulative Update KB4490481 Windows 10 v1809 Build 17763.404 - April 2 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4489899/windows-10-update-kb4489899 Direct download links for...
UPDATE 1/8: Cumulative Update KB4480116 Windows 10 v1809 Build 17763.253 - Jan. 8 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4483235 Direct download links for KB4483235 MSU file from Microsoft...
UPDATE 3/1: Cumulative Update KB4482887 Windows 10 v1809 Build 17763.316 - March 1 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4487044/windows-10-update-kb4487044 Direct download links for...
UPDATE 2/12: Cumulative Update KB4487044 Windows 10 v1809 Build 17763.316 - Feb. 12 Windows Update - Windows 10 Forums Source: https://support.microsoft.com/en-us/help/4476976 Direct download links for KB4476976 MSU file from...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 11:51.
Find Us