Find out if your Windows PC is affected by Meltdown/Spectre vulnerabilities
Meltdown and Spectre are designed vulnerabilities in modern processors that allow attackers to read virtual memory arbitrarily. What this means is that attackers may read the memory of computer systems to steal passwords and other sensitive data.
The researchers that found the bug identified three variants of it. The first two variants, "bounds check bypass" and "branch target injection" go under the name Spectre, the last, "rogue data cache load," under the name Meltdown. Both vulnerabilities are described on the official Meltdownattack website. Research papers are linked on the website as well.
Affected are processors from Intel, AMD, ARM as well as operating systems and other software programs.
Microsoft released an operating system update yesterday to address the issue. It is required however that hardware firmware and other software programs are updated as well to protect against the vulnerabilities. Mozilla released a fix for Firefox 57, and patches for the latest versions of Edge and Internet Explorer are available already as well. Google will patch Chrome when Chrome 64 gets released on January 23, 2018.
Microsoft created a PowerShell script that returns whether your Windows PC is still vulnerable or if you don't have to worry about the vulnerabilities at all.
Here is what you need to do:
- Load an elevated PowerShell prompt. Tap on the Windows-key, type PowerShell, hold down the Shift-key and the Ctrl-key and select the PowerShell entry to load it.
- Type Install-Module SpeculationControl
- You may get a prompt stating that "NuGet provider is required to continue." Select Y to accept that.
- You may get a prompt stating that you are installing an "untrusted repository." Select Y to continue.
- Type Import-Module SpeculationControl.
- You may get an error stating that "running scripts" is disabled. If you do, type Set-ExecutionPolicy RemoteSigned. Repeat the command Import-Module SpeculationControl.
- Type Get-SpeculationControlSettings.
Tip: You can restore the default ExecutionPolicy setting by running the command Set-ExecutionPolicy Default.
The PowerShell script displays information about the vulnerability and available (installed) mitigations at this point.
It is a bit hard to read, but true means that protection is available while false means that it is not. If you have installed yesterday's Windows patch already, you should see some "true" listings there.
The script lists suggested actions to mitigation the issues that are still active. It is required to install a BIOS/firmware update to address those. How that is done depends on the manufacturer of the device.
Microsoft published additional information here.Advertisement