Find out if your Windows PC is affected by Meltdown/Spectre vulnerabilities

Martin Brinkmann
Jan 5, 2018
Updated • Jan 12, 2018
Windows
|
49

Meltdown and Spectre are designed vulnerabilities in modern processors that allow attackers to read virtual memory arbitrarily. What this means is that attackers may read the memory of computer systems to steal passwords and other sensitive data.

The researchers that found the bug identified three variants of it. The first two variants, "bounds check bypass" and "branch target injection" go under the name Spectre, the last, "rogue data cache load," under the name Meltdown. Both vulnerabilities are described on the official Meltdownattack website. Research papers are linked on the website as well.

Affected are processors from Intel, AMD, ARM as well as operating systems and other software programs.

Microsoft released an operating system update yesterday to address the issue. It is required however that hardware firmware and other software programs are updated as well to protect against the vulnerabilities. Mozilla released a fix for Firefox 57, and patches for the latest versions of Edge and Internet Explorer are available already as well. Google will patch Chrome when Chrome 64 gets released on January 23, 2018.

Microsoft created a PowerShell script that returns whether your Windows PC is still vulnerable or if you don't have to worry about the vulnerabilities at all.

Here is what you need to do:

  1. Load an elevated PowerShell prompt. Tap on the Windows-key, type PowerShell, hold down the Shift-key and the Ctrl-key and select the PowerShell entry to load it.
  2. Type Install-Module SpeculationControl
  3. You may get a prompt stating that "NuGet provider is required to continue." Select Y to accept that.
  4. You may get a prompt stating that you are installing an "untrusted repository." Select Y to continue.
  5. Type Import-Module SpeculationControl.
  6. You may get an error stating that "running scripts" is disabled. If you do, type Set-ExecutionPolicy RemoteSigned. Repeat the command Import-Module SpeculationControl.
  7. Type Get-SpeculationControlSettings.

Tip: You can restore the default ExecutionPolicy setting by running the command Set-ExecutionPolicy Default.

The PowerShell script displays information about the vulnerability and available (installed) mitigations at this point.

meltdown spectre vulnerability script

It is a bit hard to read, but true means that protection is available while false means that it is not. If you have installed yesterday's Windows patch already, you should see some "true" listings there.

The script lists suggested actions to mitigation the issues that are still active. It is required to install a BIOS/firmware update to address those. How that is done depends on the manufacturer of the device.

Microsoft published additional information here.

Summary
Find out if your Windows PC is affected by Meltdown/Spectre vulnerabilities
Article Name
Find out if your Windows PC is affected by Meltdown/Spectre vulnerabilities
Description
Meltdown and Spectre are design vulneabilities in modern processors that allow attackers to read virtual memory arbitrarily. What this means is that attackers may read the memory of computer systems to steal passwords and other sensitive data.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. kronos said on January 15, 2018 at 10:04 am
    Reply

    To set the execution policy for current PowerShell session only (without affecting the registry), you can use this command:

    Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned

    This command does not affect the value in the registry. The variable and its value are deleted when the current session is closed.

    1. A different Martin said on January 15, 2018 at 4:47 pm
      Reply

      @kronos & @MARTIN:

      This would be a really useful change to implement to the article’s instructions. I checked my dad’s three laptops for Meltdown/Spectre vulnerabilities just yesterday, and I almost forgot to reset PowerShell’s execution policy to default on one of them. (I was doing a lot of other software maintenance on all three computers, hopping from one to the next to minimize downtime while an install, update, scan, or reboot proceeded. I was probably lucky that this was the *only* thing I almost forgot.)

      By the way, the Lenovo ThinkPad X1 Yoga (with a Skylake chipset, I believe) running Windows 10 passed the test, and the Dell Latitude E6510 and E6500 (with much older chipsets) running Windows 7 need new BIOSes/firmware. The Latitudes are relatively durable “business-class” laptops that are still working fine, but they’re getting old. It will be interesting to see whether Dell issues updated BIOSes for them. My personal observation is that Dell issues firmware and driver updates for Latitudes considerably less often and for a shorter period of time than Lenovo does for ThinkPads.

  2. A different Martin said on January 12, 2018 at 2:55 am
    Reply

    MARTIN:

    In step 6, I think you need to change “Import-Module SpeculationChannel” to “Import-Module SpeculationControl”.

    1. Martin Brinkmann said on January 12, 2018 at 7:01 am
      Reply

      Wow, you are right. Sorry for that and thanks for letting me know.

      1. A different Martin said on January 12, 2018 at 7:22 pm
        Reply

        No worries, Martin — it did no harm and it was easy enough for readers to figure out. I myself make that kind of whole-word-substitution typo increasingly often, possibly because my mind jumps ahead to the next thought while I’m still typing, my fingers go on auto-pilot, and their speculative-execution cache contains the wrong data. ;-)

        By the way, the “corrected” PowerShell commands worked fine for me, although as a first-time PowerShell user it did take me a second to figure out that of all of the PowerShell items returned by the Start Menu search, it was plain old “Windows PowerShell ISE” that I wanted and not the (x86) or Modules items.

        Unfortunately, I will apparently need an updated BIOS and firmware for full mitigation and I’m not confident that Lenovo will provide them for an 8-year-old laptop, even though it’s a ThinkPad T-series. But my laptop also has the Intel Management Engine vulnerability, so the more, the merrier, right? *Sigh*

    2. BM said on January 12, 2018 at 3:29 am
      Reply

      @A Different Martin – I did this, since I was getting an error on SpeculationChannel (“SpeculationChannell was not loaded because no valid file was found”). However, no results… just the cmd prompt (C:\WINDOWS\system32>) reappeared.

      1. BM said on January 12, 2018 at 3:35 am
        Reply

        Resolved with re-running the commands yet again, as Martin B suggests immediately above.

  3. Sebasti said on January 11, 2018 at 12:39 pm
    Reply

    Odd… I’m not getting past Import-Module SpeculationControl.

    It gives me:
    “Import-Module : The specified module ‘SpeculationControl.’ was not loaded because no valid module file was found in any module directory.
    At line:1 char:1
    + Import-Module SpeculationControl.
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ResourceUnavailable: (SpeculationControl.:String) [Import-Module], FileNotFoundException
    + FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand”

    Anyone got a clue as to what goes wrong here?

    1. Martin Brinkmann said on January 11, 2018 at 1:19 pm
      Reply

      Try re-running all commands. It seems that the download or integration was not successful.

  4. Fredrick said on January 9, 2018 at 12:39 pm
    Reply

    Great article. I’ve done all the updates (bios etc) for my i7-8700k Asus-Z370 Win10 system but still have two unresolved issues listing as “False”, they are:

    BTIDDisabledBySystemPolicy :False
    BTIDDisabledByNoHardwareSupport :False

    Any idea what these are and how they can be fixed? Or is it something which will have to come in a future bios or windows update? I’ve tried googling but it didn’t turn up much. Thanks.

    1. Martin Brinkmann said on January 9, 2018 at 12:49 pm
      Reply

      The vulnerability can only be fixed if software and hardware are patched. You need to wait for the hardware manufacturer to release an update as well.

  5. and said on January 9, 2018 at 5:11 am
    Reply

    Question: Does the above apply to Windows 7 (Ultimate, X64, on a 2008 Tosh Satellite w/Intel)? I had same prob as Anonymous Nobody, top. I’ll send something in any case: VISA ok? This is so educationamal for a neophyte like moi. You guys keep my attention w/out cursing. You’re literate. 3rd such site I found today. Intelligence trending, or did I just get lucky?

  6. iron2000 said on January 8, 2018 at 1:58 am
    Reply

    I think this is the list of motherboards ASUS will update with the Intel fix:
    https://www.asus.com/News/V5urzYAT6myCC1o2

    Looks like my motherboard is already not in support.
    I think many will be left vulnerable.

    1. Lee said on January 8, 2018 at 7:38 am
      Reply

      The vast majority of systems currently in use will not be patched. You’re out of luck if you’re using something more than 1-2 years old, and 2 is even stretching it. Extreme pressure would have to be put on these manufacturers to get them to do anything about systems older than that.

  7. Me said on January 6, 2018 at 3:43 pm
    Reply

    Ryzen is also reported to be affected by at least one of the three issues. So don’t be too smug.

    1. Arthur said on January 7, 2018 at 1:21 pm
      Reply

      Only Meltdown causes real performance loss and it only affects Intel. AMD has already released patches for Spectre, but those don’t cause drops in performance.

      … So yeah, feels good to be on Ryzen. :P

  8. Guest703 said on January 6, 2018 at 1:03 pm
    Reply

    Man it sure feels good to be Ryzen.

  9. IntelMelt said on January 6, 2018 at 11:32 am
    Reply

    Is my backup laptop/pc 2006 Intel Core 2 Duo CPU HP Pavilion affected? Good thing I dont often upgrade my pc, last I bought was their 2nd Gen i7 CPU(2010/11) w/c sadly is affected….

    Probably gonna move to AMD when I get a new powerbox pc and ditch the vulnerable 2010-2017 CPU’s.

    1. Lee said on January 8, 2018 at 7:37 am
      Reply

      There’s no CPU that isn’t affected, including AMD.

  10. seeprime said on January 5, 2018 at 7:06 pm
    Reply

    ADWcleaner and Rogue Killer are good scanners to use to clean out a system, after cleaning out all system temp files. Rogue Killer is slow as molasses, and might cause some people to lose patience.

  11. SFer said on January 5, 2018 at 4:03 pm
    Reply

    And for Ubuntu LINUX PCs?
    Anything we can/should do?

    Thks!

    1. JoHN5 said on January 5, 2018 at 6:21 pm
      Reply

      Ubuntu users can expect updated kernels by the original January 9, 2018 coordinated release date, and sooner if possible.
      https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/

      1. SFer said on January 6, 2018 at 4:57 pm
        Reply

        Thanks f/the quick reply, JoHN5.

        The UBUNTU tech folks
        will update 64-bit versions 1st (Jan 9…),
        and later (HOPEFULLY SOON!),
        will update the 32-bit versions of Ubuntu.
        (no ETA for that yet).

        We have a slew of PCs
        running 32-bit UBUNTU just fine
        but cannot afford to change all our hardware
        to run 64-bits…
        SO, hoping for soon…

  12. XenoSilvano said on January 5, 2018 at 3:42 pm
    Reply

    My prospects are undesirable for the time being, the latest update for the UEFI from the manufacturer of the computer I use is from last year

    many thanks for bring this to our attention Martin

  13. Anonymous said on January 5, 2018 at 3:39 pm
    Reply

    “vulnerabilities in modern processors”

    First I don’t even know from what time a processor is called “modern”.

    1. ilev said on January 8, 2018 at 8:59 am
      Reply

      @Lee
      No, it can’t be fixed with Bios and firmware. The only way is to flush the CPU micro-code and re-install new code, which of course can’t be done by users.

  14. Ivan said on January 5, 2018 at 11:41 am
    Reply

    ASUS has not released a BIOS update for my board yet :(

    1. chesscanoe said on January 6, 2018 at 6:13 pm
      Reply

      My ASUS laptop does not have a firmware fix available either, as expected. I have an unanswered request for more information awaiting ASUS response.

      1. ilev said on January 7, 2018 at 6:42 pm
        Reply

        This has nothing to do with Bios and can’t be fixed by firmware update.
        To be fixed you need a new CPU (for your PC, Smartphone, Tablet, SmartHome device..), without a bug, None is available, and won’t be for a long time.
        Those OS patches are just circumventing the bugs, not fixing anything.

      2. Lee said on January 8, 2018 at 7:37 am
        Reply

        And yes, it can be fixed with BIOS and firmware updates. In fact, that is the ONLY way to fix it.

      3. Lee said on January 8, 2018 at 7:36 am
        Reply

        There is no CPU to purchase that is not affected, and it will probably be five years before one hits the market. Good luck.

      4. chesscanoe said on January 6, 2018 at 7:50 pm
        Reply

        https://www.asus.com/News/ last dated 2018-01-05 simply says “ASUS is aware that the current Intel® microcode version might be subject to recently identified security vulnerabilities.” ( Stay tuned….)

  15. Ivan said on January 5, 2018 at 11:37 am
    Reply

    How come the nuget repo is untrustworthy, if this is a script written by Microsoft?

    1. Heimen Stoffels said on January 5, 2018 at 1:14 pm
      Reply

      Maybe it’s an unstable/testing repo.

      1. Ivan said on January 5, 2018 at 1:18 pm
        Reply

        What does that have to do with SSL Certificates?

      2. Cristian said on January 12, 2018 at 3:43 pm
        Reply

        Indeed

  16. riri0 said on January 5, 2018 at 9:44 am
    Reply

    For people having issues getting step 6 to work, specifically with “Set-ExecutionPolicy RemoteSigned” command, you can follow instructions below to set it using Group Policy Editor.

    https://stackoverflow.com/questions/27753917/how-do-you-successfully-change-execution-policy-and-enable-execution-of-powershe

  17. Rick said on January 5, 2018 at 8:52 am
    Reply

    The matter of PCID is curious here, where I know a given CPU has it (e.g. i5-2500k), and tools like Coreinfo show that it’s there, but this script shows that line as False (and SpecuCheck, a similar utility to MS’s script, agrees).

  18. Dave said on January 5, 2018 at 6:57 am
    Reply

    Will the command “Set-ExecutionPolicy RemoteSigned” make a permanent change or a temporary one?

    If it’s not temporary, how do we disable the running of scripts again?

    1. jupe said on January 5, 2018 at 9:30 am
      Reply

      I think (not confirmed) you should be able to run “Set-ExecutionPolicy Bypass -Command Import-Module SpeculationControl” for a temporary alternative.

      1. jupe said on January 5, 2018 at 9:39 am
        Reply

        Ignore my previous comment if it doesn’t work, but this command below should only make a temporary change until you close the Powershell window, still not confirmed to work in the articles context though sorry.

        Set-ExecutionPolicy Bypass -Scope Process

    2. Martin Brinkmann said on January 5, 2018 at 7:22 am
      Reply

      You can restore the default value with the command Set-ExecutionPolicy Default.

      1. Dave said on January 5, 2018 at 5:59 pm
        Reply

        Thanks for the reply.

        FYI: As others have commented, even though I subscribe to “Replies to my comments” in the drop down below, and enter a valid email, I never get any notifications.

  19. Jojo said on January 5, 2018 at 6:50 am
    Reply

    The NY Times is suggesting that people run an ad blocker for Meltdown/Spectre.
    ========
    What should I do as a consumer?

    Keep your software up-to-date. That includes your operating system and apps like your web browser and antivirus software. Microsoft, Mozilla and Google have already released patches for Internet Explorer, Firefox and Chrome to help address the problem.

    Installing an ad blocker on your web browser is also a safeguard, according to security experts. Even the largest websites do not have tight control over the ads that appear on their sites — sometimes malicious code can appear inside their ad networks. A popular ad blocker among security researchers is uBlock Origin.

    “The real problem is ads are dangerous,” said Jeremiah Grossman, the head of security strategy for SentinelOne, a computer security company. “They’re fully functioning programs, and they carry malware.”

    https://www.nytimes.com/2018/01/04/technology/meltdown-spectre-questions.html

  20. Martin Brinkmann said on January 5, 2018 at 6:46 am
    Reply

    You may need to update to a newer version of PowerShell first. I ran the script on a Windows 10 machine and it worked fine on it. See: https://docs.microsoft.com/en-us/powershell/scripting/setup/installing-windows-powershell?view=powershell-5.1

    1. Anonymous said on January 8, 2018 at 11:14 pm
      Reply

      1.
      You have to uninstall Win Mgmt Framework

      wusa /uninstall /quiet /kb:2506143

      https://docs.microsoft.com/en-us/powershell/wmf/5.1/install-configure

      2.
      Install WMF 5.1

      Download and install WMF 5.1

      https://docs.microsoft.com/en-us/powershell/wmf/5.1/install-configure

      3.
      Run the save

      Save-Module -Name SpeculationControl -Path

      and run the install

      Install-Module -Name SpeculationControl

    2. TimH said on January 5, 2018 at 6:09 pm
      Reply

      Installed latest PS 6.00RC on Win8.1-64, same “The term ‘Install-Module’ is not recognized…” problem

      Maybe Win10 only?

      1. TimH said on January 5, 2018 at 6:20 pm
        Reply

        Oops, wasn’t running PS 6. Have to explicitly ask for 6, just running PowerShell runs the old one.

        Yes, PS6 works this on Win8.1-64

  21. Anonymous Nobody said on January 5, 2018 at 6:43 am
    Reply

    On Windows 7 Ultimate it returns this

    The term ‘Install-Module’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check
    the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:15
    + Install-Module <<<< SpeculationControl
    + CategoryInfo : ObjectNotFound: (Install-Module:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.