Utility for mitigations CVE-2017-5715 and CVE-2017-5754 status check

Discussion in 'Operating Systems' started by mbk1969, Jan 10, 2018.

  1. tsunami231

    tsunami231 Ancient Guru

    Messages:
    14,750
    Likes Received:
    1,868
    GPU:
    EVGA 1070Ti Black
    Code:
    PS C:\Windows\system32> Get-SpeculationControlSettings -Verbose
    Speculation control settings for CVE-2017-5715 [branch target injection]
    
    BpbEnabled                   : False
    BpbDisabledSystemPolicy      : False
    BpbDisabledNoHardwareSupport : True
    HwReg1Enumerated             : False
    HwReg2Enumerated             : False
    HwMode1Present               : False
    HwMode2Present               : False
    SmepPresent                  : True
    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False
    Windows OS support for branch target injection mitigation is disabled by system policy: False
    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
    
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    
    KvaShadowEnabled             : True
    KvaShadowUserGlobal          : False
    KvaShadowPcid                : True
    KvaShadowInvpcid             : True
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]
    
    Suggested actions
    
     * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
    
    
    BTIHardwarePresent             : False
    BTIWindowsSupportPresent       : True
    BTIWindowsSupportEnabled       : False
    BTIDisabledBySystemPolicy      : False
    BTIDisabledByNoHardwareSupport : True
    KVAShadowRequired              : True
    KVAShadowWindowsSupportPresent : True
    KVAShadowWindowsSupportEnabled : True
    KVAShadowPcidEnabled           : True

    Says it's installed. I'm not gonna keep harping on; I will do the BIOS update for my ASRock Z170 Extreme 4 when they are released. ASRock has already started releasing updates with newer platforms, so I'm assuming they're working backwards.
     
  2. AMDMan2016

    AMDMan2016 Active Member

    Messages:
    98
    Likes Received:
    7
    GPU:
    Geforce 1660 Super
    Code:
    Speculation control settings for CVE-2017-5715 [branch target injection]

    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False
    Windows OS support for branch target injection mitigation is disabled by system policy: False
    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]

    Additional CPU information

    Name: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
    Description: Intel64 Family 6 Model 158 Stepping 9
    CPUID: 0x000906E9

    Additional OS information

    Name: Microsoft Windows 10 Pro
    Architecture: 64-bit
    Build: 16299
    SKU: 48
    Service Pack: 0.0


    Is my first Intel i7 protected enough till the BIOS update is out for my Asus G11CD? For years I used AMD systems, but when I came across some money in September 2017, I decided to try an Intel-based system for the first time in a long, long, long time. So far liking it, just hoping I'm secure enough till the BIOS update comes out.

    Also using Avast Antivirus; had to disable it just to get this tool to run to see the status lol, re-enabled now though.
     
  3. tsunami231

    You're half protected like me: protected from Meltdown but not Spectre. I would not really worry about it; IMO, for the most part, I think this has been blown up due to social media wildfires. I would make sure you update when updates are out.
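
An added example (not part of any post, and not code from the SpeculationControl module or the MitigationStatus utility): a Python triage function that reads the "sentence: True/False" lines pasted in this thread and reports a per-CVE status. The function names and verdict strings are this example's own, and the mapping from flags to verdicts is an assumption based on the "Suggested actions" line in the quoted output.

```python
import re
# Matches "<sentence or field>: True|False" lines as pasted in this thread.
LINE = re.compile(r"^\s*(?P<key>[A-Za-z][^:]*?)\s*:\s*(?P<val>True|False)\b")
BTI = "Windows OS support for branch target injection mitigation is "
KVA = "Windows OS support for kernel VA shadow is "

def parse_status(text):
    """Return ({sentence: bool}, bti_query_failed) from pasted tool output."""
    flags, failed = {}, False
    for line in text.splitlines():
        if "Querying branch target injection information failed" in line:
            failed = True  # the tool could not read BTI state; do not trust its flags
        if (m := LINE.match(line)):
            flags[m["key"]] = m["val"] == "True"
    return flags, failed

def assess(text):
    """Summarise the mitigation state for both CVEs as short verdict strings."""
    f, failed = parse_status(text)
    if failed:
        bti = "unknown: query failed"
    elif f.get(BTI + "enabled"):
        bti = "mitigated"
    elif f.get(BTI + "disabled by system policy"):
        bti = "not mitigated: disabled by system policy"
    elif f.get(BTI + "disabled by absence of hardware support"):
        bti = "not mitigated: BIOS/firmware update needed"
    elif not f.get(BTI + "present"):
        bti = "not mitigated: OS support missing"
    else:
        bti = "not mitigated: reason not reported"
    # A missing "requires" line is treated as "required" (fail closed).
    if not f.get("Hardware requires kernel VA shadowing", True):
        kva = "not required on this CPU"
    elif f.get(KVA + "present") and f.get(KVA + "enabled"):
        kva = "mitigated"
    else:
        kva = "not mitigated"
    return {"CVE-2017-5715": bti, "CVE-2017-5754": kva}

# Sample input abridged from the output quoted in this thread.
SAMPLE = """
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
"""
```

For `SAMPLE`, `assess` reports CVE-2017-5754 as mitigated and CVE-2017-5715 as needing a BIOS/firmware update. Output that contains the "Querying branch target injection information failed" line is reported as unknown rather than taken at face value.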
     
  4. AMDMan2016

    Yes, I always update whenever an update is released for Windows and 3rd-party programs; sometimes I feel almost obsessed with making sure everything is up to date lol.
     

  5. tsunami231

    I do Windows Update always, but I have it set to notify first before I download it; I like to know what I'm downloading before I download. And BIOS updates I've only done when stupid crap like this happens, otherwise I never touch the BIOS, but most people will never do such updates.
     
  6. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,604
    Likes Received:
    13,612
    GPU:
    GF RTX 4070

    http://www.mediafire.com/file/2321zihyiaefbzj/MitigationStatus.zip

    Please, try new version and paste info here.
     
  7. AMDMan2016

    BIOS only when I have to lol, for security risks like this; otherwise I don't update the BIOS. Windows always. In Windows 10 I don't have the option to set it to notify lol, but most of the time updates go smoothly for the most part lol. Drivers, yes, always update.
     
  8. mbk1969

    http://www.mediafire.com/file/2321zihyiaefbzj/MitigationStatus.zip

    Please, try new version too and paste info here.
     
  9. tsunami231

    Code:
    Speculation control settings for CVE-2017-5715 [branch target injection]
    
    Querying branch target injection information failed with error: 0xC0000003, The parameter is incorrect
    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is enabled: False
    
    BpbEnabled            : False
    BpbDisabledSystemPolicy        : False
    BpbDisabledNoHardwareSupport    : False
    HwReg1Enumerated        : False
    HwReg2Enumerated        : False
    HwMode1Present            : False
    HwMode2Present            : False
    SmepPresent            : False
    
    
    
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]
    
    KvaShadowEnabled    : True
    KvaShadowUserGlobal    : False
    KvaShadowPcid        : True
    KvaShadowInvpcid        : True
    
    
    
    Additional CPU information
    
    Name: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
    Description: Intel64 Family 6 Model 94 Stepping 3
    CPUID: 0x000506E3
    
    
    
    Additional OS information
    
    Name: Microsoft Windows 10 Pro
    Architecture: 64-bit
    Build: 15063
    SKU: 48
    Service Pack: 0.0
    

    Same error, ran normal or as admin.
     
  10. mbk1969

    Ok, now I have only one suggestion: there is a bug in the PowerShell script. Let's test this. Can you locate all SpeculationControl.psm1 files and make a correction in two lines:
    Code:
    There are two lines:
            $retval = $ntdll::NtQuerySystemInformation($systemInformationClass, $systemInformationPtr, $systemInformationLength, $returnLengthPtr)
    
    Just add part "[System.UInt32]" to beginning of both lines:
            [System.UInt32]$retval = $ntdll::NtQuerySystemInformation($systemInformationClass, $systemInformationPtr, $systemInformationLength, $returnLengthPtr)
    
    And execute the command again. (Updated text in code tags - did not notice that bold font was not applied inside the code block.)
     
    Last edited: Jan 13, 2018

  11. tsunami231

    No clue how to edit that stuff, and even if I did, what part is in bold?

    I have 1.0.3, so I don't see how mine can be wrong when everyone is getting it from the same place.
     
  12. mbk1969

    Code:
    There are two lines:
            $retval = $ntdll::NtQuerySystemInformation($systemInformationClass, $systemInformationPtr, $systemInformationLength, $returnLengthPtr)
    
    Just add part "[System.UInt32]" to beginning of both lines:
            [System.UInt32]$retval = $ntdll::NtQuerySystemInformation($systemInformationClass, $systemInformationPtr, $systemInformationLength, $returnLengthPtr)
    
    Just find "SpeculationControl.psm1" in Explorer and in the context menu choose "Edit" - this should bring up PowerShell_ISE - just edit there and save. Or edit in Notepad.
     
  13. tsunami231

    I just updated the module to the 1.0.4 that was released; it says:

    Code:
    PS C:\Windows\system32> Get-SpeculationControlSettings
    Speculation control settings for CVE-2017-5715 [branch target injection]
    For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629
    
    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False
    Windows OS support for branch target injection mitigation is disabled by system policy: False
    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
    
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]
    
    Suggested actions
    
     * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
    
    
    BTIHardwarePresent             : False
    BTIWindowsSupportPresent       : True
    BTIWindowsSupportEnabled       : False
    BTIDisabledBySystemPolicy      : False
    BTIDisabledByNoHardwareSupport : True
    KVAShadowRequired              : True
    KVAShadowWindowsSupportPresent : True
    KVAShadowWindowsSupportEnabled : True
    KVAShadowPcidEnabled           : True
    
    
    

    They all come back with the same results.
     
    Last edited: Jan 13, 2018
  14. mbk1969

    Line # 53 : $retval = $ntdll::NtQuerySystemInformation(...
    Line # 161: $retval = $ntdll::NtQuerySystemInformation(...

    Just add to the beginning of both: [System.UInt32]$retval = $ntdll::NtQuerySystemInformation

    I swear - this is the last attempt.
     
  15. tsunami231

    OK, I just tried to edit that in both Notepad and ISE; it will not let me save. I'm not gonna go out of my way here. Each version of that script has told me the same thing: the OS patch is installed. If that script is wrong, I would think it would have been fixed by now, because it would be telling others the same thing.

    Maybe something on my PC is just being weird.

    Maybe I will look into it more later as to why I can't save changes.
     
    Last edited: Jan 13, 2018

  16. mbk1969

    Ok, I will test my suspicion myself. I am pretty sure the guys just overlooked a delicate point related to PowerShell scripting in both these places. And if they did, the script will always suggest that the call to the Win API function NtQuerySystemInformation is always successful. You can test it in any VM without the patch installed - and if my suggestion is correct you will receive pretty much the same "Windows OS support for branch target injection mitigation is present: True".
     
  17. tsunami231

    OK, seeing as OCD is a bitch and my OCD needs to die,

    But I got it to save by changing permissions to Modify for my user, which I don't understand, because I am the admin of the system and I am logged in with the true admin, which is under my name, yet there is the admin of my "name" and just my "name" listed in permissions. Still think permissions are screwed up in Windows.

    With the changes the script tells me it is enabled:

    Code:
    PS C:\Windows\system32>  Get-SpeculationControlSettings
    Speculation control settings for CVE-2017-5715 [branch target injection]
    For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629
    
    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False
    Windows OS support for branch target injection mitigation is disabled by system policy: False
    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
    
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]
    
    Suggested actions
    
     * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
    
    
    BTIHardwarePresent             : False
    BTIWindowsSupportPresent       : True
    BTIWindowsSupportEnabled       : False
    BTIDisabledBySystemPolicy      : False
    BTIDisabledByNoHardwareSupport : True
    KVAShadowRequired              : True
    KVAShadowWindowsSupportPresent : True
    KVAShadowWindowsSupportEnabled : True
    KVAShadowPcidEnabled           : True
    

    Even then, though I don't want to, I'm sure my OCD will keep watching this.
     
  18. mbk1969

    One last thought and I will stop this troubleshooting session. BRB in 5 minutes...
     
  19. tsunami231

    You and Extraordinary go above and beyond on these forums to help people.
     
  20. mbk1969
