New
#250
Hi! I have Win10 1803 and i installed the last cumulative update from may 14th but when i run powershell to check the vulnerabilities, they are set to false (Windows OS support for MDS mitigation is enabled and MDSWindowsSupportEnabled). Is there something i can do? Please explain me as a noob, haha. Thanks!!!
The thing is you have an old CPU doesn't support most of the mitigations.
But according to SpeculationControl your CPU supports "Rogue Data Cache Load" (meltdown) mitigation. That is wired, the 72 value should cover it.
Try these commands, and you should restart.
Anyway, you have to wait for the new microcode to be released, so the 72 value is useless for now,Code:reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
can you return please,
And I am watching a documentary about black holes, yet not much about black holes so far ,
- - - Updated - - -
I am assuming you have to wait for the new Microcode to be released for 1809, it should support MDS mitigation,
We all have it false, not just you,
Hi, i merge the registry keys that were provided here in the forum and now "Windows OS support for branch target injection mitigation is enabled" is set to True.
Another question, i have these two entries in false; what can i do?
Speculation control settings for CVE-2018-3620 [L1 terminal fault]
Hardware is vulnerable to L1 terminal fault: False
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: False
I see others in this thread have it enabled. Can you guide me? Thanks!
Hey mate!
Everything seems OK...so now to mitigate the MDS vulnerabilities you wait for a BIOS/UEFI update, to version 0x27, according to intel, (you're currently on 0x25) or if the hp guys decide that you have an old CPU and they will not bother (sic), you like everybody else wait for a microcode update from Microsoft. As a regular in TenForums you're well aware that our guardian angel @Brink will inform us on time!
Here's mine:
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: False
Speculation control settings for CVE-2018-3639 [speculative store bypass]
Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: True
Speculation control settings for CVE-2018-3620 [L1 terminal fault]
Hardware is vulnerable to L1 terminal fault: False
Speculation control settings for MDS [microarchitectural data sampling]
Windows OS support for MDS mitigation is present: True
Hardware is vulnerable to MDS: True
Windows OS support for MDS mitigation is enabled: False
Suggested actions
* Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119
BTIHardwarePresent : True
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : True
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
BTIKernelRetpolineEnabled : False
BTIKernelImportOptimizationEnabled : False
KVAShadowRequired : False
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : False
KVAShadowPcidEnabled : False
SSBDWindowsSupportPresent : True
SSBDHardwareVulnerable : True
SSBDHardwarePresent : True
SSBDWindowsSupportEnabledSystemWide : True
L1TFHardwareVulnerable : False
L1TFWindowsSupportPresent : True
L1TFWindowsSupportEnabled : False
L1TFInvalidPteBit : 0
L1DFlushSupported : True
MDSWindowsSupportPresent : True
MDSHardwareVulnerable : True
MDSWindowsSupportEnabled : False
I must wait for a microcode to have the last two ''fixed''; don't i?
Thanks mate!. As you can tell from the Specs in my account profile my PC is not that old (bought in July 2015), and the guys at HP better not consider it as an old one. BTW, the next time I will probable buy a new PC is when that new chip called MORPHEUS is out.
That is a fact that @Brink is our guardian angel. No one can argue about that. Cheers!
Edit: If you have not read about MORPHEUS yet, here is the link. I found that article really interesting.
MORPHEUS
When Hardware is false that means that nothing needed to be done, not exposed to vulnerabilities, no need to security patches, hence no need to mitigation.
Nothing to worry about
Check this for more info https://support.microsoft.com/en-in/...ngs-powershell
Last edited by JenyJ; 18 May 2019 at 16:11.
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: False [not required for security]
Speculation control settings for CVE-2018-3639 [speculative store bypass]
Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: False
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: False
Speculation control settings for CVE-2018-3620 [L1 terminal fault]
Hardware is vulnerable to L1 terminal fault: True
Windows OS support for L1 terminal fault mitigation is present: True
Windows OS support for L1 terminal fault mitigation is enabled: True
Speculation control settings for MDS [microarchitectural data sampling]
Windows OS support for MDS mitigation is present: True
Hardware is vulnerable to MDS: True
Windows OS support for MDS mitigation is enabled: False
Suggested actions
* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
* Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119
BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
BTIKernelRetpolineEnabled : False
BTIKernelImportOptimizationEnabled : False
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : False
SSBDWindowsSupportPresent : True
SSBDHardwareVulnerable : True
SSBDHardwarePresent : False
SSBDWindowsSupportEnabledSystemWide : False
L1TFHardwareVulnerable : True
L1TFWindowsSupportPresent : True
L1TFWindowsSupportEnabled : True
L1TFInvalidPteBit : 45
L1DFlushSupported : False
MDSWindowsSupportPresent : True
MDSHardwareVulnerable : True
MDSWindowsSupportEnabled : False
Hello again, what do you think now? Hope you are enjoying your black holes program and thanks for all your help and patience.