Check with Powershell for Meltdown and Spectre #exploit critical vulnerabilities Protection #Meltdown #Spectre #KB4056892   1 comment

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Edit:5-1-2018

Meltdown is Intel-only and takes advantage of a privilege escalation flaw allowing kernel memory access from user space, meaning any secret a computer is protecting (even in the kernel) is available to any user able to execute code on the system.

Spectre applies to Intel, ARM, and AMD processors and works by tricking processors into executing instructions they should not have been able to, granting access to sensitive information in other applications’ memory space.

Meltdown work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.

image

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affects many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.

Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services. See the following sections for more details.

Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time. Microsoft continues to work closely with industry partners including chip makers, hardware OEMs, and app vendors to protect customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and in some cases updates to AV software as well.

The following sections will help you identify and mitigate client environments affected by the vulnerabilities identified in Microsoft Security Advisory ADV180002.

The Windows updates will also provide Internet Explorer and Edge mitigations. We will also continue to improve these mitigations against this class of vulnerabilities.

Customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer. Surface customers will receive a microcode update via Windows update.

Install the powershell module from the Gallery.

image

Install-Module SpeculationControl

image

With  Get-SpeculationControlSettings you can check your settings

image

As my system is not protected, but after all the fixes it should be like this below.

image

But you need to do more than just a software patch.

Customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer. Surface customers will receive a microcode update via Windows update.

checking the BIOS of you machine with

get-wmiobject win32_bios

image

image

As there is no later Bios from my system, I’m out off luck.  good moment to renew my test machine.

SO I need to patch my system, As I’m a windows insider I run several versions of windows. First check there was KB4056890 but this is already updated to KB4056892 make sure you get the latest version of the patch. you don’t want to patch and reboot the machine twice.

https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

Get the hotfix http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4056890

image

The Updated version!

Get the hotfix http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4056892

 

http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4056892

 

In this case I installed the KB4056890 Update installation may stop at 99% and may show elevated CPU there is a fix for that read this :

https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

 

image

You need a reboot for this fix.

image

Remember this is not just a Microsoft Windows thing if you are on Citrix,Xenserver,Amazon or VMWare You need to check your hardware.

https://blogs.vmware.com/security/2018/01/vmsa-2018-0002.html

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog

Advertisements

Posted January 4, 2018 by Robert Smit [MVP] in Windows Server 2016

Tagged with

One response to “Check with Powershell for Meltdown and Spectre #exploit critical vulnerabilities Protection #Meltdown #Spectre #KB4056892

Subscribe to comments with RSS.

  1. Pingback: Intel Bug–Follow up Post! | redkaffe

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

  • Twitter

  • %d bloggers like this: