Utility for mitigations CVE-2017-5715 and CVE-2017-5754 status check

no go, maybe i have gnomes at work ? XD

Spoiler

Code:

Speculation control settings for CVE-2017-5715 [branch target injection]

Querying branch target injection information failed with error: 0xC0000003, The parameter is incorrect
Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is enabled: False

BpbEnabled            : False
BpbDisabledSystemPolicy        : False
BpbDisabledNoHardwareSupport    : False
HwReg1Enumerated        : False
HwReg2Enumerated        : False
HwMode1Present            : False
HwMode2Present            : False
SmepPresent            : False



Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]

KvaShadowEnabled    : True
KvaShadowUserGlobal    : False
KvaShadowPcid        : True
KvaShadowInvpcid        : True



Additional CPU information

Name: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Description: Intel64 Family 6 Model 94 Stepping 3
CPUID: 0x000506E3



Additional OS information

Name: Microsoft Windows 10 Pro
Architecture: 64-bit
Build: 15063
SKU: 48
Service Pack: 0.0

 

And I was being blind all this time - I just discovered that my utility was built all this time as 32-bit application (VisualStudio decided so back at work). So I just changed that to be 64-bit (in 64-bit OS) and please, try for the last time
http://www.mediafire.com/file/2321zihyiaefbzj/MitigationStatus.zip

 

guess what is was all a brain fart!!

ran normal or as admin

Spoiler

Code:

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

BpbEnabled            : False
BpbDisabledSystemPolicy        : False
BpbDisabledNoHardwareSupport    : True
HwReg1Enumerated        : False
HwReg2Enumerated        : False
HwMode1Present            : False
HwMode2Present            : False
SmepPresent            : True



Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]

KvaShadowEnabled    : True
KvaShadowUserGlobal    : False
KvaShadowPcid        : True
KvaShadowInvpcid        : True



Additional CPU information

Name: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Description: Intel64 Family 6 Model 94 Stepping 3
CPUID: 0x000506E3



Additional OS information

Name: Microsoft Windows 10 Pro
Architecture: 64-bit
Build: 15063
SKU: 48
Service Pack: 0.0

Not sure if you patting your self on back or kick your self but success !!!

 

Phewww... First - kick for overlooking this simplest thing, then - pat for noticing (finally).

There is good joke: Experience is most valuable thing which lets you know that this error you have done already.

Now question - remove all additional values:

BpbEnabled : False
BpbDisabledSystemPolicy : False
BpbDisabledNoHardwareSupport : True
HwReg1Enumerated : False
HwReg2Enumerated : False
HwMode1Present : False
HwMode2Present : False
SmepPresent : True

and

KvaShadowEnabled : True
KvaShadowUserGlobal : False
KvaShadowPcid : True
KvaShadowInvpcid : True

or leave them to be?

 

up to you i not sure what those other entries are even for.

keep if you completest or OCD manic like me?

 

Here is Results for Latest MitigationStatus

PHP:

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

BpbEnabled            : False
BpbDisabledSystemPolicy        : False
BpbDisabledNoHardwareSupport    : True
HwReg1Enumerated        : False
HwReg2Enumerated        : False
HwMode1Present            : False
HwMode2Present            : False
SmepPresent            : True



Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]

KvaShadowEnabled    : True
KvaShadowUserGlobal    : False
KvaShadowPcid        : True
KvaShadowInvpcid        : True



Additional CPU information

Name: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
Description: Intel64 Family 6 Model 158 Stepping 9
CPUID: 0x000906E9



Additional OS information

Name: Microsoft Windows 10 Pro
Architecture: 64-bit
Build: 16299
SKU: 48
Service Pack: 0.0

 

Nah, I am minimalist and don`t like excessive actions/steps/lines.

http://www.mediafire.com/file/2321zihyiaefbzj/MitigationStatus.zip

Verbose output was removed to not clutter the text.

 

like said you go above and beyond like Extraordinary on these forum

 

I have ambitious thought to crack the method used by Microsoft to update CPU microcode - to be able update microcode at will (and to be able to not touch BIOS).

PS It was fun but right now I need to dream happy programmer dreams.

 

Code:

Checking for vulnerabilities against running kernel Linux 4.14.13-1-ARCH #1 SMP PREEMPT Wed Jan 10 11:14:50 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO
> STATUS:  VULNERABLE  (only 21 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  YES
*   Kernel support for IBRS:  NO
*   IBRS enabled for Kernel space:  NO
*   IBRS enabled for User space:  NO
* Mitigation 2
*   Kernel compiled with retpoline option:  NO
*   Kernel compiled with a retpoline-aware compiler:  NO
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  YES
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer

Here is what i get from my main computer, i guess *Nixes are getting the same sauce as the rest of the world.

 

I used this utility as administrator on my unpatched Windows 10 Pro system and I wanna know what does THESE messages mean: Querying branch target injection information failed with error: 0xC0000003, The parameter is incorrect + Querying kernel VA shadow information failed with error: 0xC0000003, The parameter is incorrect ? Thanks!

 

your not usinf 32bit vs of windows are you?

 

Utility (and PowerShell script from MS) uses Win API function to test the state of mitigations. On unpatched Windows this function returns either 0xC0000003 or 0xC0000002 error code. This allows to distinguish patched Windows from unpatched one. Both errors just means that function doesn`t understand parameters passed into. And patch simply adds support for those parameters.

Spoiler

Here are two values of error for that:

MessageId: STATUS_NOT_IMPLEMENTED
MessageText: {Not Implemented} The requested operation is not implemented.
#define STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002)

MessageId: STATUS_INVALID_INFO_CLASS
MessageText: {Invalid Parameter} The specified information class is not a valid information class for the specified object.
#define STATUS_INVALID_INFO_CLASS ((NTSTATUS)0xC0000003)

(https://msdn.microsoft.com/en-us/library/cc704588.aspx)

I can bore you further. Mentioned function returns so called NTSTATUS error code instead of so called system error code. There is special Win API function which gets error message by NTSTATUS error code. But this function is too uncomfortable to call from .Net code. So instead I decided to use special Win API function which converts NTSTATUS error code into system error code and then to use special Win API function which gets error message by system error code. Thus instead of original message "Invalid Parameter" you see "The parameter is incorrect".

 

This is what I'm getting.
So if I were to try the Vmware driver trick, it should read hardware support present: True?

Spoiler

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True



Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: False [not required for security]



Additional CPU information

Name: Intel(R) Core(TM) i7-3930K CPU @ 3.20GHz
Description: Intel64 Family 6 Model 45 Stepping 7
CPUID: 0x000206D7



Additional OS information

Name: Microsoft Windows 10 Pro
Architecture: 64-bit
Build: 16299
SKU: 48
Service Pack: 0.0

Edit: Enabled Mitigations through registry, installed the Vmware microcode update and status checker says the same thing as the spoiler.

 

It should but only in case CPU received updated microcode through VMware driver. You can check that: go to "Event Viewer => System" and look for events from "cpumcupdate" source. One event is about initialization of driver and second event is about whether newer microcode was loaded or not.

 

I'll try again but I think it's a lost cause because I put the "new" MC into my bios and flashed it but still no dice.Intel put the date as 08012018 but internally nothing has changed for my CPU, it's still the same file as the old mc from 2014.

 

It can be. Intel issues whole package with microcodes, some updated, others not, but they are all part of package issued at specific date. Don`t be discouraged yet, because Intel promised to update microcodes for many CPUs.

 

Looking at your spoiler above your Sandy Bridge-E based Core i7-3930K CPUID = 206D7, latest Intel CPU microcode in database:
https://github.com/platomav/CPUMicrocodes/tree/master/Intel
...for it is 710 dated 2013-06-17

Intel latest CPU microcode package dated 2018-01-08 contains latest Intel CPU microcodes but as mbk1969 alrady said not all of them are updated to mitigate Meltdows/Spectre security flaw.
These CPU's (taken from readme file) are the ones with fixed microcode:
IVT C0 (06-3e-04:ed) 428->42a
SKL-U/Y D0 (06-4e-03:c0) ba->c2
BDW-U/Y E/F (06-3d-04:c0) 25->28
HSW-ULT Cx/Dx (06-45-01:72) 20->21
Crystalwell Cx (06-46-01:32) 17->18
BDW-H E/G (06-47-01:22) 17->1b
HSX-EX E0 (06-3f-04:80) 0f->10
SKL-H/S R0 (06-5e-03:36) ba->c2
HSW Cx/Dx (06-3c-03:32) 22->23
HSX C0 (06-3f-02:6f) 3a->3b
BDX-DE V0/V1 (06-56-02:10) 0f->14
BDX-DE V2 (06-56-03:10) 700000d->7000011
KBL-U/Y H0 (06-8e-09:c0) 62->80
KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80
KBL-H/S B0 (06-9e-09:2a) 5e->80
CFL U0 (06-9e-0a:22) 70->80
CFL B0 (06-9e-0b:02) 72->80
SKX H0 (06-55-04:b7) 2000035->200003c
GLK B0 (06-7a-01:01) 1e->22

edit:
It looks like only those ones above bolded & underlined are the ones with microcode made on 2018-01-04 who contain Meltdown/Spectre security flaw fix.

 

@ mbk1969, CrazY_Milojko - I knew I wasn't going crazy yet.I'll just wait on Intel then, thanks for your help.Now to set back my system overclock when I get home.

 

You understand of course that applying constant/permanent overclock you help hackers to finish Spectre attack faster. Go for overclock for games and underclock for browsers.