KB4074629: Understanding SpeculationControl PowerShell script output

Summary

To help you verify the status of speculative execution side-channel mitigations, we published a PowerShell script (SpeculationControl) that can run on your devices. This article explains how to run the SpeculationControl script and what the output means.

Security advisories ADV180002, ADV180012, ADV180018, and ADV190013 cover the following nine vulnerabilities:

• CVE-2017-5715 (branch target injection)
• CVE-2017-5753 (bounds check bypass)
  Note Protection for CVE-2017-5753 (bounds check) does not require additional registry settings or firmware updates.
• CVE-2017-5754 (rogue data cache load)
• CVE-2018-3639 (speculative store bypass)
• CVE-2018-3620 (L1 terminal fault – OS)
• CVE-2018-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM))
• CVE-2018-12126 (Microarchitectural Store Buffer Data Sampling (MSBDS))
• CVE-2018-12127 (Microarchitectural Load Port Data Sampling (MLPDS))
• CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling (MFBDS))

Advisory ADV220002 covers additional Memory-Mapped I/O (MMIO) related vulnerabilities:

• CVE-2022-21123 - Shared Buffer Data Read (SBDR)
• CVE-2022-21125 - Shared Buffer Data Sampling (SBDS)
• CVE-2022-21127 - Special Register Buffer Data Sampling Update (SRBDS Update)
• CVE-2022-21166 - Device Register Partial Write (DRPW)

This article provides details about the SpeculationControl PowerShell script that helps determine the state of the mitigations for the listed CVEs that require additional registry settings and, in some cases, firmware updates.

Read more: https://support.microsoft.com/en-us/...5-5be4c9e67c04

Posted By: Brink
23 Apr 2023