Utility for mitigations CVE-2017-5715 and CVE-2017-5754 status check

Discussion in 'Operating Systems' started by mbk1969, Jan 10, 2018.

  1. tsunami231

    tsunami231 Ancient Guru

    Messages:
    12,180
    Likes Received:
    940
    GPU:
    EVGA 1070Ti Black
    Code:
    PS C:\Windows\system32> Get-SpeculationControlSettings -Verbose
    Speculation control settings for CVE-2017-5715 [branch target injection]
    
    BpbEnabled                   : False
    BpbDisabledSystemPolicy      : False
    BpbDisabledNoHardwareSupport : True
    HwReg1Enumerated             : False
    HwReg2Enumerated             : False
    HwMode1Present               : False
    HwMode2Present               : False
    SmepPresent                  : True
    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False
    Windows OS support for branch target injection mitigation is disabled by system policy: False
    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
    
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    
    KvaShadowEnabled             : True
    KvaShadowUserGlobal          : False
    KvaShadowPcid                : True
    KvaShadowInvpcid             : True
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]
    
    Suggested actions
    
     * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injectio
    n mitigation.
    
    
    BTIHardwarePresent             : False
    BTIWindowsSupportPresent       : True
    BTIWindowsSupportEnabled       : False
    BTIDisabledBySystemPolicy      : False
    BTIDisabledByNoHardwareSupport : True
    KVAShadowRequired              : True
    KVAShadowWindowsSupportPresent : True
    KVAShadowWindowsSupportEnabled : True
    KVAShadowPcidEnabled           : True

    says it installed I not gona keep harping on, I will do the bios update for my asrock z170 exterme 4 when they are released, asrock has already started releasing updates with newer platforms so i assuming they working back words
     
  2. AMDMan2016

    AMDMan2016 Active Member

    Messages:
    73
    Likes Received:
    6
    GPU:
    Geforce 1660 Super
    PHP:
    Speculation control settings for CVE-2017-5715 [branch target injection]
    Hardware support for branch target injection mitigation is presentFalse
    Windows OS support 
    for branch target injection mitigation is present:True
    Windows OS support 
    for branch target injection mitigation is enabledFalse
    Windows OS support 
    for branch target injection mitigation is disabled by system policyFalse
    Windows OS support 
    for branch target injection mitigation is disabled by absence of hardware supportTrue

    Speculation control settings 
    for CVE-2017-5754 [rogue data cache load]
    Hardware requires kernel VA shadowingTrue
    Windows OS support 
    for kernel VA shadow is presentTrue
    Windows OS support 
    for kernel VA shadow is enabledTrue
    Windows OS support 
    for PCID performance optimization is enabledTrue [not required for security]

    Additional CPU information
    Name
    Intel(RCore(TMi7-7700 CPU 3.60GHz
    Description
    Intel64 Family 6 Model 158 Stepping 9
    CPUID
    0x000906E9

    Additional OS information
    Name
    Microsoft Windows 10 Pro
    Architecture
    64-bit
    Build
    16299
    SKU
    48
    Service Pack
    0.0


    Is my First Intel I7 Protected enough til Bios update is out for my Asus G11CD, For years I used AMD system, but when I came across some money in September 2017, I decided to try Intel based system for first time in a long long long time. So far liking it, just hoping i'm secure enough til bios update comes out

    also using Avast Antivirus, had to disable it just to get this tool to run to see the status lol, reenabled now though[/CODE]
     
  3. tsunami231

    tsunami231 Ancient Guru

    Messages:
    12,180
    Likes Received:
    940
    GPU:
    EVGA 1070Ti Black
    your half protected like me proteced from meltdown but not spec, I would not really worry about imo for most part i think this been blown up do to social media wild fires, would make sure you update when updates are out
     
  4. AMDMan2016

    AMDMan2016 Active Member

    Messages:
    73
    Likes Received:
    6
    GPU:
    Geforce 1660 Super
    yes I always update whenever an update is released for Windows, and 3rd Party programs, sometimes feel almost obessed with making sure everything up to date lol
     

  5. tsunami231

    tsunami231 Ancient Guru

    Messages:
    12,180
    Likes Received:
    940
    GPU:
    EVGA 1070Ti Black
    i do windows update always, but i have it set to notify first before i download it, I like to know what i downloading before i download. and bios update i only done when stupid crap like this happen other wise i never touch bios, but most people will never do such updates
     
  6. mbk1969

    mbk1969 Ancient Guru

    Messages:
    11,285
    Likes Received:
    8,857
    GPU:
    GF RTX 2070 Super

    http://www.mediafire.com/file/2321zihyiaefbzj/MitigationStatus.zip

    Please, try new version and paste info here.
     
  7. AMDMan2016

    AMDMan2016 Active Member

    Messages:
    73
    Likes Received:
    6
    GPU:
    Geforce 1660 Super
    Bios only when have to lol for security risks like this, otherwise don't update bios, Windows always, Windows 10 I don't have option to set for notify lol, but most of the time updates go smoothly for most part lol. Drivers yes always update
     
  8. mbk1969

    mbk1969 Ancient Guru

    Messages:
    11,285
    Likes Received:
    8,857
    GPU:
    GF RTX 2070 Super
    http://www.mediafire.com/file/2321zihyiaefbzj/MitigationStatus.zip

    Please, try new version too and paste info here.
     
  9. tsunami231

    tsunami231 Ancient Guru

    Messages:
    12,180
    Likes Received:
    940
    GPU:
    EVGA 1070Ti Black
    Code:
    Speculation control settings for CVE-2017-5715 [branch target injection]
    
    Querying branch target injection information failed with error: 0xC0000003, The parameter is incorrect
    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is enabled: False
    
    BpbEnabled            : False
    BpbDisabledSystemPolicy        : False
    BpbDisabledNoHardwareSupport    : False
    HwReg1Enumerated        : False
    HwReg2Enumerated        : False
    HwMode1Present            : False
    HwMode2Present            : False
    SmepPresent            : False
    
    
    
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]
    
    KvaShadowEnabled    : True
    KvaShadowUserGlobal    : False
    KvaShadowPcid        : True
    KvaShadowInvpcid        : True
    
    
    
    Additional CPU information
    
    Name: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
    Description: Intel64 Family 6 Model 94 Stepping 3
    CPUID: 0x000506E3
    
    
    
    Additional OS information
    
    Name: Microsoft Windows 10 Pro
    Architecture: 64-bit
    Build: 15063
    SKU: 48
    Service Pack: 0.0
    

    same error ran normal or as admin
     
  10. mbk1969

    mbk1969 Ancient Guru

    Messages:
    11,285
    Likes Received:
    8,857
    GPU:
    GF RTX 2070 Super
    Ok, now I have only one suggestion - there is bug in PowerShell script. Lets test this. Can you locate all SpeculationControl.psm1 files and made a correction in two lines:
    Code:
    There are two lines:
            $retval = $ntdll::NtQuerySystemInformation($systemInformationClass, $systemInformationPtr, $systemInformationLength, $returnLengthPtr)
    
    Just add part "[System.UInt32]" to beginning of both lines:
            [System.UInt32]$retval = $ntdll::NtQuerySystemInformation($systemInformationClass, $systemInformationPtr, $systemInformationLength, $returnLengthPtr)
    
    And execute command again. (Updated text in code tags - did not noticed that bold font was not applied inside code block.)
     
    Last edited: Jan 13, 2018

  11. tsunami231

    tsunami231 Ancient Guru

    Messages:
    12,180
    Likes Received:
    940
    GPU:
    EVGA 1070Ti Black
    not clue how edit that stuff and even if i did what part is in bold?


    i have 1.0.3 of so i dont see how mine can be wrong when everone is getting it from the sameplace
     
  12. mbk1969

    mbk1969 Ancient Guru

    Messages:
    11,285
    Likes Received:
    8,857
    GPU:
    GF RTX 2070 Super
    Code:
    There are two lines:
            $retval = $ntdll::NtQuerySystemInformation($systemInformationClass, $systemInformationPtr, $systemInformationLength, $returnLengthPtr)
    
    Just add part "[System.UInt32]" to beginning of both lines:
            [System.UInt32]$retval = $ntdll::NtQuerySystemInformation($systemInformationClass, $systemInformationPtr, $systemInformationLength, $returnLengthPtr)
    
    Just find "SpeculationControl.psm1" in Explorer and in context menu chose "Edit" - this should bring PowerShel_ISE - just edit there and save. Or edit in Notepad.
     
  13. tsunami231

    tsunami231 Ancient Guru

    Messages:
    12,180
    Likes Received:
    940
    GPU:
    EVGA 1070Ti Black
    i just update the module to the 1.0.4 that was released it says

    Code:
    PS C:\Windows\system32> Get-SpeculationControlSettings
    Speculation control settings for CVE-2017-5715 [branch target injection]
    For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629
    
    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False
    Windows OS support for branch target injection mitigation is disabled by system policy: False
    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
    
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]
    
    Suggested actions
    
     * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injectio
    n mitigation.
    
    
    BTIHardwarePresent             : False
    BTIWindowsSupportPresent       : True
    BTIWindowsSupportEnabled       : False
    BTIDisabledBySystemPolicy      : False
    BTIDisabledByNoHardwareSupport : True
    KVAShadowRequired              : True
    KVAShadowWindowsSupportPresent : True
    KVAShadowWindowsSupportEnabled : True
    KVAShadowPcidEnabled           : True
    
    
    

    they all come back with same results
     
    Last edited: Jan 13, 2018
  14. mbk1969

    mbk1969 Ancient Guru

    Messages:
    11,285
    Likes Received:
    8,857
    GPU:
    GF RTX 2070 Super
    Line # 53 : $retval = $ntdll::NtQuerySystemInformation(...
    Line # 161: $retval = $ntdll::NtQuerySystemInformation(...

    Just add to beginning of both: [System.UInt32]$retval = $ntdll::NtQuerySystemInformation

    I swear - this is last attempt.
     
  15. tsunami231

    tsunami231 Ancient Guru

    Messages:
    12,180
    Likes Received:
    940
    GPU:
    EVGA 1070Ti Black
    ok I just tried to edit that in both notpade and ise, it will not let me save, i not gona go out my way here, each verison of that script has told me the same thing OS patch is installed, if that script is wrong i would think it would of been fixed by now, cause it would telling others same thing.

    Maybe something on my pc is just being wierd.

    maybe i will looking into more later as to why i cant save changes
     
    Last edited: Jan 13, 2018

  16. mbk1969

    mbk1969 Ancient Guru

    Messages:
    11,285
    Likes Received:
    8,857
    GPU:
    GF RTX 2070 Super
    Ok, I will test my suspicious myself, I am pretty sure guys just overlooked a delicate moment related with PowerShell scripting in both these places. And if they did, script will always suggest that the call to Win API function NtQuerySystemInformation is always successful. You can test it in any VM without installed patch - and if my suggestion is correct you will receive pretty much the same "Windows OS support for branch target injection mitigation is present: True"
     
  17. tsunami231

    tsunami231 Ancient Guru

    Messages:
    12,180
    Likes Received:
    940
    GPU:
    EVGA 1070Ti Black
    ok seeeing OCD is bitch and my OCD need to die,

    But i got it to save by changing permissions to modify for my user, which dont understand cause I am the admin of the system and i am loged iin with true admin which under my name yet there is the admin of my"name" and just my "name" listing in permissions, still think permissions are screwed up in windows

    with the changes the script tells me it is enabled

    Code:
    PS C:\Windows\system32>  Get-SpeculationControlSettings
    Speculation control settings for CVE-2017-5715 [branch target injection]
    For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629
    
    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False
    Windows OS support for branch target injection mitigation is disabled by system policy: False
    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
    
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]
    
    Suggested actions
    
     * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injectio
    n mitigation.
    
    
    BTIHardwarePresent             : False
    BTIWindowsSupportPresent       : True
    BTIWindowsSupportEnabled       : False
    BTIDisabledBySystemPolicy      : False
    BTIDisabledByNoHardwareSupport : True
    KVAShadowRequired              : True
    KVAShadowWindowsSupportPresent : True
    KVAShadowWindowsSupportEnabled : True
    KVAShadowPcidEnabled           : True
    

    even then thought idont want to im sure my ocd will keep watching this
     
  18. mbk1969

    mbk1969 Ancient Guru

    Messages:
    11,285
    Likes Received:
    8,857
    GPU:
    GF RTX 2070 Super
    One last thought and I will stop this troubleshooting session. BRB in 5 minutes...
     
  19. tsunami231

    tsunami231 Ancient Guru

    Messages:
    12,180
    Likes Received:
    940
    GPU:
    EVGA 1070Ti Black
    you and Extraordinary go above and beyond on this forums to help people
     
  20. mbk1969

    mbk1969 Ancient Guru

    Messages:
    11,285
    Likes Received:
    8,857
    GPU:
    GF RTX 2070 Super

Share This Page