Cumulative Update KB4494441 Windows 10 v1809 Build 17763.503 - May 14 Win Update

ddelo · 18 May 2019

IronZorg89 said:

Thanks mate!. As you can tell from the Specs in my account profile my PC is not that old (bought in July 2015), and the guys at HP better not consider it as an old one. BTW, the next time I will probable buy a new PC is when that new chip called MORPHEUS is out.

That is a fact that @Brink is our guardian angel. No one can argue about that. Cheers!

Edit: If you have not read about MORPHEUS yet, here is the link. I found that article really interesting.
MORPHEUS

Morpheus eh....?
Yeah, I've read about it. New stuff, from the University of Michigan if I remember correctly.
Cool, but needs to be accepted and implemented by intel/amd and the likes!

JenyJ · 18 May 2019

droidly said:

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: False [not required for security]

Speculation control settings for CVE-2018-3639 [speculative store bypass]

Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: False
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: False

Speculation control settings for CVE-2018-3620 [L1 terminal fault]

Hardware is vulnerable to L1 terminal fault: True
Windows OS support for L1 terminal fault mitigation is present: True
Windows OS support for L1 terminal fault mitigation is enabled: True

Speculation control settings for MDS [microarchitectural data sampling]

Windows OS support for MDS mitigation is present: True
Hardware is vulnerable to MDS: True
Windows OS support for MDS mitigation is enabled: False

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
* Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119

BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
BTIKernelRetpolineEnabled : False
BTIKernelImportOptimizationEnabled : False
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : False
SSBDWindowsSupportPresent : True
SSBDHardwareVulnerable : True
SSBDHardwarePresent : False
SSBDWindowsSupportEnabledSystemWide : False
L1TFHardwareVulnerable : True
L1TFWindowsSupportPresent : True
L1TFWindowsSupportEnabled : True
L1TFInvalidPteBit : 45
L1DFlushSupported : False
MDSWindowsSupportPresent : True
MDSHardwareVulnerable : True
MDSWindowsSupportEnabled : False

Hello again, what do you think now? Hope you are enjoying your black holes program and thanks for all your help and patience.

Everything seems fine, except

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Code:

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: False [not required for security]

Code:

KVAShadowPcidEnabled : False

The falses in red should be true, that is weird!

Can you try the 0 value, last try, can you please try these command, run CMD as admin, and reboot windows after

Code:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

IronZorg89 · 18 May 2019

ddelo said:

Morpheus eh....?
Yeah, I've read about it. New stuff, from the University of Michigan if I remember correctly.
Cool, but needs to be accepted and implemented by intel/amd and the likes!

They will have to accept it, for in my humble opinion, this is the only way we (common mortal users) can put an end about dealing with that never-ending saga of side-channel vulnerabilities on which you can see my rant in post #167 of that link.

droidly · 18 May 2019

Hey, I am getting the same result but thats okay thanks for trying to help me. I do have many macrium backups so I can roll back to 1809 17763.437 or 1809 17763.475.

Code:

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: False [not required for security]

Speculation control settings for CVE-2018-3639 [speculative store bypass]

Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: False
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: False

Speculation control settings for CVE-2018-3620 [L1 terminal fault]

Hardware is vulnerable to L1 terminal fault: True
Windows OS support for L1 terminal fault mitigation is present: True
Windows OS support for L1 terminal fault mitigation is enabled: True

Speculation control settings for MDS [microarchitectural data sampling]

Windows OS support for MDS mitigation is present: True
Hardware is vulnerable to MDS: True
Windows OS support for MDS mitigation is enabled: False

Suggested actions

 * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
 * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119


BTIHardwarePresent                  : False
BTIWindowsSupportPresent            : True
BTIWindowsSupportEnabled            : False
BTIDisabledBySystemPolicy           : False
BTIDisabledByNoHardwareSupport      : True
BTIKernelRetpolineEnabled           : False
BTIKernelImportOptimizationEnabled  : False
KVAShadowRequired                   : True
KVAShadowWindowsSupportPresent      : True
KVAShadowWindowsSupportEnabled      : True
KVAShadowPcidEnabled                : False
SSBDWindowsSupportPresent           : True
SSBDHardwareVulnerable              : True
SSBDHardwarePresent                 : False
SSBDWindowsSupportEnabledSystemWide : False
L1TFHardwareVulnerable              : True
L1TFWindowsSupportPresent           : True
L1TFWindowsSupportEnabled           : True
L1TFInvalidPteBit                   : 45
L1DFlushSupported                   : False
MDSWindowsSupportPresent            : True
MDSHardwareVulnerable               : True
MDSWindowsSupportEnabled            : False

No worries, I do appreciate all your efforts. Thanks again

JenyJ · 18 May 2019

droidly said:

Hey, I am getting the same result but thats okay thanks for trying to help me. I do have many macrium backups so I can roll back to 1809 17763.437 or 1809 17763.475.

Code:

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: False [not required for security]

Speculation control settings for CVE-2018-3639 [speculative store bypass]

Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: False
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: False

Speculation control settings for CVE-2018-3620 [L1 terminal fault]

Hardware is vulnerable to L1 terminal fault: True
Windows OS support for L1 terminal fault mitigation is present: True
Windows OS support for L1 terminal fault mitigation is enabled: True

Speculation control settings for MDS [microarchitectural data sampling]

Windows OS support for MDS mitigation is present: True
Hardware is vulnerable to MDS: True
Windows OS support for MDS mitigation is enabled: False

Suggested actions

 * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
 * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119


BTIHardwarePresent                  : False
BTIWindowsSupportPresent            : True
BTIWindowsSupportEnabled            : False
BTIDisabledBySystemPolicy           : False
BTIDisabledByNoHardwareSupport      : True
BTIKernelRetpolineEnabled           : False
BTIKernelImportOptimizationEnabled  : False
KVAShadowRequired                   : True
KVAShadowWindowsSupportPresent      : True
KVAShadowWindowsSupportEnabled      : True
KVAShadowPcidEnabled                : False
SSBDWindowsSupportPresent           : True
SSBDHardwareVulnerable              : True
SSBDHardwarePresent                 : False
SSBDWindowsSupportEnabledSystemWide : False
L1TFHardwareVulnerable              : True
L1TFWindowsSupportPresent           : True
L1TFWindowsSupportEnabled           : True
L1TFInvalidPteBit                   : 45
L1DFlushSupported                   : False
MDSWindowsSupportPresent            : True
MDSHardwareVulnerable               : True
MDSWindowsSupportEnabled            : False

No worries, I do appreciate all your efforts. Thanks again

Don't rollback, this version has retpoline enabled by default, it is the best one to test mitigation,

I would not worry much about it, cuase your CPU is quite old, and most likely is not exposed to the vulnerabilities to begin with.

I will stick to the value 72 as it enables the MDS mitigation and wait for the new Microcode

droidly · 18 May 2019

Okay will do.

Leoplate25 · 18 May 2019

Anyone?

Speculation control settings for CVE-2017-5715 [branch target injection] Hardware support for branch target injection mitigation is present: True Windows OS support for branch target injection mitigation is present: True Windows OS support for branch target injection mitigation is enabled: True Speculation control settings for CVE-2017-5754 [rogue data cache load] Hardware requires kernel VA shadowing: False Speculation control settings for CVE-2018-3639 [speculative store bypass] Hardware is vulnerable to speculative store bypass: True Hardware support for speculative store bypass disable is present: True Windows OS support for speculative store bypass disable is present: True Windows OS support for speculative store bypass disable is enabled system-wide: True Speculation control settings for CVE-2018-3620 [L1 terminal fault] Hardware is vulnerable to L1 terminal fault: False Speculation control settings for MDS [microarchitectural data sampling] Windows OS support for MDS mitigation is present: True Hardware is vulnerable to MDS: True Windows OS support for MDS mitigation is enabled: False BTIHardwarePresent : True BTIWindowsSupportPresent : True BTIWindowsSupportEnabled : True BTIDisabledBySystemPolicy : False BTIDisabledByNoHardwareSupport : False BTIKernelRetpolineEnabled : False BTIKernelImportOptimizationEnabled : False KVAShadowRequired : False KVAShadowWindowsSupportPresent : True KVAShadowWindowsSupportEnabled : False KVAShadowPcidEnabled : False SSBDWindowsSupportPresent : True SSBDHardwareVulnerable : True SSBDHardwarePresent : True SSBDWindowsSupportEnabledSystemWide : True L1TFHardwareVulnerable : False L1TFWindowsSupportPresent : True L1TFWindowsSupportEnabled : False L1TFInvalidPteBit : 0 L1DFlushSupported : True MDSWindowsSupportPresent : True MDSHardwareVulnerable : True MDSWindowsSupportEnabled : False

Thanksss!!!

JenyJ · 18 May 2019

Leoplate25 said:

Anyone?

Speculation control settings for CVE-2017-5715 [branch target injection] Hardware support for branch target injection mitigation is present: True Windows OS support for branch target injection mitigation is present: True Windows OS support for branch target injection mitigation is enabled: True Speculation control settings for CVE-2017-5754 [rogue data cache load] Hardware requires kernel VA shadowing: False Speculation control settings for CVE-2018-3639 [speculative store bypass] Hardware is vulnerable to speculative store bypass: True Hardware support for speculative store bypass disable is present: True Windows OS support for speculative store bypass disable is present: True Windows OS support for speculative store bypass disable is enabled system-wide: True Speculation control settings for CVE-2018-3620 [L1 terminal fault] Hardware is vulnerable to L1 terminal fault: False Speculation control settings for MDS [microarchitectural data sampling] Windows OS support for MDS mitigation is present: True Hardware is vulnerable to MDS: True Windows OS support for MDS mitigation is enabled: False BTIHardwarePresent : True BTIWindowsSupportPresent : True BTIWindowsSupportEnabled : True BTIDisabledBySystemPolicy : False BTIDisabledByNoHardwareSupport : False BTIKernelRetpolineEnabled : False BTIKernelImportOptimizationEnabled : False KVAShadowRequired : False KVAShadowWindowsSupportPresent : True KVAShadowWindowsSupportEnabled : False KVAShadowPcidEnabled : False SSBDWindowsSupportPresent : True SSBDHardwareVulnerable : True SSBDHardwarePresent : True SSBDWindowsSupportEnabledSystemWide : True L1TFHardwareVulnerable : False L1TFWindowsSupportPresent : True L1TFWindowsSupportEnabled : False L1TFInvalidPteBit : 0 L1DFlushSupported : True MDSWindowsSupportPresent : True MDSHardwareVulnerable : True MDSWindowsSupportEnabled : False

Thanksss!!!

I already answered you Cumulative Update KB4494441 Windows 10 v1809 Build 17763.503 - May 14

Nothing to worry about

Leoplate25 · 18 May 2019

JenyJ said:

I already answered you Cumulative Update KB4494441 Windows 10 v1809 Build 17763.503 - May 14

Yes, i saw that, what i wanna know if everything else is fine (except the 2 that needs a microcode update, MDSHardwareVulnerable : True and MDSWindowsSupportEnabled : False)? Because i read that KVAShadowRequired needs to be set as true. Thanks again!!!

JenyJ · 18 May 2019

Leoplate25 said:

Yes, i saw that, what i wanna know if everything else is fine (except the 2 that needs a microcode update, MDSHardwareVulnerable : True and MDSWindowsSupportEnabled : False)? Because i read that KVAShadowRequired needs to be set as true. Thanks again!!!

I told you, everything is fine, no need to worry! Everything is fine! You have a new CPU which is not exposed to all those CVE

Check the link I posted for you to be more sure.

here is the link again https://support.microsoft.com/en-in/...ngs-powershell