#190
Nice Dimitri, maybe MS have realized the reg stuff (especially regarding protection) is open to abuse and are injecting fixes into the kernel...?
I agree 100%.
But I just noticed something else.
Take a look at the output of the PS script, in this post
Cumulative Update KB4494441 Windows 10 v1809 Build 17763.503 - May 14
No Retpoline enabled....now I'm confused.
Update:
No I'm not confused. The member who made the post has an i7-8700K CPU. This is not included in the Retpoline capable CPUs, according to Intel. And apparently they haven't included the BTIKernelImportOptimizationEnabled feature in their whatever change. (which is probably done via Registry entries??...not a clue here)
The one I know of who can test it is Dick @f14tomcat, who has a similar CPU. If he runs the SpeculationControl script, sees the output, then deletes the entry and runs the script again, we'll see if BTIKernelImportOptimizationEnabled is still enabled via Registry entries.
Run CMD as admin and execute these commands, then return with the results
Source: https://support.microsoft.com/en-us/...erabilities-in
Code:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
If the Hyper-V feature is installed, add the following registry setting:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
I have all enabled, just waiting for the microcode update for MDS, as reported in this post: Cumulative Update KB4494441 Windows 10 v1809 Build 17763.503 - May 14
Code:
PS C:\Windows\system32> Get-SpeculationControlSettings
For more information about the output below, please refer to https://support.microsoft.com/help/4074629

Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]

Speculation control settings for CVE-2018-3639 [speculative store bypass]
Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: True

Speculation control settings for CVE-2018-3620 [L1 terminal fault]
Hardware is vulnerable to L1 terminal fault: True
Windows OS support for L1 terminal fault mitigation is present: True
Windows OS support for L1 terminal fault mitigation is enabled: True

Speculation control settings for MDS [microarchitectural data sampling]
Windows OS support for MDS mitigation is present: True
Hardware is vulnerable to MDS: True
Windows OS support for MDS mitigation is enabled: False

Suggested actions
 * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119

BTIHardwarePresent : True
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : True
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
BTIKernelRetpolineEnabled : False
BTIKernelImportOptimizationEnabled : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : True
SSBDWindowsSupportPresent : True
SSBDHardwareVulnerable : True
SSBDHardwarePresent : True
SSBDWindowsSupportEnabledSystemWide : True
L1TFHardwareVulnerable : True
L1TFWindowsSupportPresent : True
L1TFWindowsSupportEnabled : True
L1TFInvalidPteBit : 45
L1DFlushSupported : True
MDSWindowsSupportPresent : True
MDSHardwareVulnerable : True
MDSWindowsSupportEnabled : False
I think they just default to 0/3 w/o any reg key overrides. I set mine to 3/3 and it does disable, so reg values do work.
I haven't tried other values but I bet it works as MS updated that doc on reg key values right after update.
https://support.microsoft.com/en-us/...erabilities-in
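An added example, not part of any post in this thread: a PowerShell check that reads the two override values discussed above and lists every mitigation the settings object reports as needed but not enabled (MDS in the posted output). The function names and Status strings are hypothetical; the property names and registry path are the ones shown in the posts, and the sample object is constructed from the posted output.

```powershell
# Added example. Property names come from the Get-SpeculationControlSettings
# output posted in the thread; function names and Status strings are hypothetical.
function Get-MitigationGap {
    param([Parameter(Mandatory)] $Settings)
    # Needed = property saying this CPU needs the mitigation. The output has no
    # such property for BTI, so BTI is treated as always needed (an assumption).
    $checks = @(
        @{ Name = 'BTI';  Needed = $null;                    Present = 'BTIWindowsSupportPresent';       Enabled = 'BTIWindowsSupportEnabled' }
        @{ Name = 'KVAS'; Needed = 'KVAShadowRequired';      Present = 'KVAShadowWindowsSupportPresent'; Enabled = 'KVAShadowWindowsSupportEnabled' }
        @{ Name = 'SSBD'; Needed = 'SSBDHardwareVulnerable'; Present = 'SSBDWindowsSupportPresent';      Enabled = 'SSBDWindowsSupportEnabledSystemWide' }
        @{ Name = 'L1TF'; Needed = 'L1TFHardwareVulnerable'; Present = 'L1TFWindowsSupportPresent';      Enabled = 'L1TFWindowsSupportEnabled' }
        @{ Name = 'MDS';  Needed = 'MDSHardwareVulnerable';  Present = 'MDSWindowsSupportPresent';       Enabled = 'MDSWindowsSupportEnabled' }
    )
    foreach ($c in $checks) {
        $needed  = if ($c.Needed) { [bool]$Settings.($c.Needed) } else { $true }
        $present = [bool]$Settings.($c.Present)
        $enabled = [bool]$Settings.($c.Enabled)
        $status  = if (-not $needed)      { 'not required' }
                   elseif (-not $present) { 'OS support missing' }
                   elseif (-not $enabled) { 'supported but not enabled' }
                   else                   { 'enabled' }
        [pscustomobject]@{ Mitigation = $c.Name; Status = $status }
    }
}

function Get-OverrideValue {
    # Registry path and value names as given in the reg add commands above.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # A missing value comes back as $null, i.e. no override is configured.
    [pscustomobject]@{
        FeatureSettingsOverride     = $p.FeatureSettingsOverride
        FeatureSettingsOverrideMask = $p.FeatureSettingsOverrideMask
    }
}

# Constructed sample: values copied from the output posted in the thread.
$sample = [pscustomobject]@{
    BTIWindowsSupportPresent = $true; BTIWindowsSupportEnabled = $true
    KVAShadowRequired = $true; KVAShadowWindowsSupportPresent = $true; KVAShadowWindowsSupportEnabled = $true
    SSBDHardwareVulnerable = $true; SSBDWindowsSupportPresent = $true; SSBDWindowsSupportEnabledSystemWide = $true
    L1TFHardwareVulnerable = $true; L1TFWindowsSupportPresent = $true; L1TFWindowsSupportEnabled = $true
    MDSHardwareVulnerable = $true; MDSWindowsSupportPresent = $true; MDSWindowsSupportEnabled = $false
}
Get-MitigationGap $sample | Where-Object Status -ne 'enabled'
Get-OverrideValue
```

On a machine with the SpeculationControl module installed, pass the live object instead of the sample: Get-MitigationGap (Get-SpeculationControlSettings).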