Windows client guidance for IT Pros to protect against speculative

Page 3 of 3 FirstFirst 123
  1. Polo6RGTI's Avatar
    Posts : 690
    Windows 10 Pro WS x64 18362.145
       #20

    Steve C said: View Post
    Just to be clear - what is the option to enable Retpoline plus all the others for an Intel CPU?
    Hi Steve,

    To enable all the mitigations when Hyper-Treading is enabled:
    Code:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

    To enable all the mitigations when Hyper-Treading is disabled:
    Code:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8264 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
      My ComputerSystem Spec

  2.    #21

    Polo6RGTI said: View Post
    Hi Steve,

    To enable all the mitigations when Hyper-Treading is enabled:
    Code:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

    To enable all the mitigations when Hyper-Treading is disabled:
    Code:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8264 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
    Thanks. I thought I had all security settings enables, but for the above keys with hyperthreading I have the following settings:

    FeatureSettingsOverride = 400 (Hex)
    FeatureSettingsOverrideMask = 400 (Hex)
    MinVmVersionForCpuBasedMitigations - no key set
      My ComputersSystem Spec

  3.    #22

    Steve C said: View Post
    Just to be clear - what is the option to enable Retpoline plus all the others for an Intel CPU?
    Retpoline will be enabled on an older Intel CPU (pre Skylake) without setting the registry as will Spectre Variant 2 (all CPUs) provided the uCode (or mcu_GenuineIntel.dll or mcu_AuthenticAMD.dll) support.

    Please use the Powershell script to verify all the settings before editing the registry.
      My ComputerSystem Spec


 
Page 3 of 3 FirstFirst 123

Related Threads
Read more: https://support.microsoft.com/en-us/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe See also: Understanding performance impact of Spectre and Meltdown mitigations - Windows 10 Forums Protect...
Source: https://support.microsoft.com/en-us/help/4073065/surface-guidance-to-protect-against-speculative-execution-side-channel See also: Surface devices and the new speculative execution side-channel vulnerabilities (May 2018) Surface
Source: https://support.microsoft.com/en-us/help/4073418/azure-stack-guidance-protect-against-speculative-execution-side-channe
Source: https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server
Source: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 16:00.
Find Us