Find out if your Windows PC is affected by Meltdown/Spectre vulnerabilities - gHacks Tech News

Find out if your Windows PC is affected by Meltdown/Spectre vulnerabilities

Meltdown and Spectre are designed vulnerabilities in modern processors that allow attackers to read virtual memory arbitrarily. What this means is that attackers may read the memory of computer systems to steal passwords and other sensitive data.

The researchers that found the bug identified three variants of it. The first two variants, "bounds check bypass" and "branch target injection" go under the name Spectre, the last, "rogue data cache load," under the name Meltdown. Both vulnerabilities are described on the official Meltdownattack website. Research papers are linked on the website as well.

Affected are processors from Intel, AMD, ARM as well as operating systems and other software programs.

Microsoft released an operating system update yesterday to address the issue. It is required however that hardware firmware and other software programs are updated as well to protect against the vulnerabilities. Mozilla released a fix for Firefox 57, and patches for the latest versions of Edge and Internet Explorer are available already as well. Google will patch Chrome when Chrome 64 gets released on January 23, 2018.

Microsoft created a PowerShell script that returns whether your Windows PC is still vulnerable or if you don't have to worry about the vulnerabilities at all.

Here is what you need to do:

  1. Load an elevated PowerShell prompt. Tap on the Windows-key, type PowerShell, hold down the Shift-key and the Ctrl-key and select the PowerShell entry to load it.
  2. Type Install-Module SpeculationControl
  3. You may get a prompt stating that "NuGet provider is required to continue." Select Y to accept that.
  4. You may get a prompt stating that you are installing an "untrusted repository." Select Y to continue.
  5. Type Import-Module SpeculationControl.
  6. You may get an error stating that "running scripts" is disabled. If you do, type Set-ExecutionPolicy RemoteSigned. Repeat the command Import-Module SpeculationControl.
  7. Type Get-SpeculationControlSettings.

Tip: You can restore the default ExecutionPolicy setting by running the command Set-ExecutionPolicy Default.

The PowerShell script displays information about the vulnerability and available (installed) mitigations at this point.

meltdown spectre vulnerability script

It is a bit hard to read, but true means that protection is available while false means that it is not. If you have installed yesterday's Windows patch already, you should see some "true" listings there.

The script lists suggested actions to mitigation the issues that are still active. It is required to install a BIOS/firmware update to address those. How that is done depends on the manufacturer of the device.

Microsoft published additional information here.

Summary
Find out if your Windows PC is affected by Meltdown/Spectre vulnerabilities
Article Name
Find out if your Windows PC is affected by Meltdown/Spectre vulnerabilities
Description
Meltdown and Spectre are design vulneabilities in modern processors that allow attackers to read virtual memory arbitrarily. What this means is that attackers may read the memory of computer systems to steal passwords and other sensitive data.
Author
Publisher
Ghacks Technology News
Logo




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Anonymous Nobody said on January 5, 2018 at 6:43 am
      Reply

      On Windows 7 Ultimate it returns this

      The term ‘Install-Module’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check
      the spelling of the name, or if a path was included, verify that the path is correct and try again.
      At line:1 char:15
      + Install-Module <<<< SpeculationControl
      + CategoryInfo : ObjectNotFound: (Install-Module:String) [], CommandNotFoundException
      + FullyQualifiedErrorId : CommandNotFoundException

    2. Martin Brinkmann said on January 5, 2018 at 6:46 am
      Reply

      You may need to update to a newer version of PowerShell first. I ran the script on a Windows 10 machine and it worked fine on it. See: https://docs.microsoft.com/en-us/powershell/scripting/setup/installing-windows-powershell?view=powershell-5.1

      1. TimH said on January 5, 2018 at 6:09 pm
        Reply

        Installed latest PS 6.00RC on Win8.1-64, same “The term ‘Install-Module’ is not recognized…” problem

        Maybe Win10 only?

        1. TimH said on January 5, 2018 at 6:20 pm
          Reply

          Oops, wasn’t running PS 6. Have to explicitly ask for 6, just running PowerShell runs the old one.

          Yes, PS6 works this on Win8.1-64

      2. Anonymous said on January 8, 2018 at 11:14 pm
        Reply

        1.
        You have to uninstall Win Mgmt Framework

        wusa /uninstall /quiet /kb:2506143

        https://docs.microsoft.com/en-us/powershell/wmf/5.1/install-configure

        2.
        Install WMF 5.1

        Download and install WMF 5.1

        https://docs.microsoft.com/en-us/powershell/wmf/5.1/install-configure

        3.
        Run the save

        Save-Module -Name SpeculationControl -Path

        and run the install

        Install-Module -Name SpeculationControl

    3. Jojo said on January 5, 2018 at 6:50 am
      Reply

      The NY Times is suggesting that people run an ad blocker for Meltdown/Spectre.
      ========
      What should I do as a consumer?

      Keep your software up-to-date. That includes your operating system and apps like your web browser and antivirus software. Microsoft, Mozilla and Google have already released patches for Internet Explorer, Firefox and Chrome to help address the problem.

      Installing an ad blocker on your web browser is also a safeguard, according to security experts. Even the largest websites do not have tight control over the ads that appear on their sites — sometimes malicious code can appear inside their ad networks. A popular ad blocker among security researchers is uBlock Origin.

      “The real problem is ads are dangerous,” said Jeremiah Grossman, the head of security strategy for SentinelOne, a computer security company. “They’re fully functioning programs, and they carry malware.”

      https://www.nytimes.com/2018/01/04/technology/meltdown-spectre-questions.html

    4. Dave said on January 5, 2018 at 6:57 am
      Reply

      Will the command “Set-ExecutionPolicy RemoteSigned” make a permanent change or a temporary one?

      If it’s not temporary, how do we disable the running of scripts again?

      1. Martin Brinkmann said on January 5, 2018 at 7:22 am
        Reply

        You can restore the default value with the command Set-ExecutionPolicy Default.

        1. Dave said on January 5, 2018 at 5:59 pm
          Reply

          Thanks for the reply.

          FYI: As others have commented, even though I subscribe to “Replies to my comments” in the drop down below, and enter a valid email, I never get any notifications.

      2. jupe said on January 5, 2018 at 9:30 am
        Reply

        I think (not confirmed) you should be able to run “Set-ExecutionPolicy Bypass -Command Import-Module SpeculationControl” for a temporary alternative.

        1. jupe said on January 5, 2018 at 9:39 am
          Reply

          Ignore my previous comment if it doesn’t work, but this command below should only make a temporary change until you close the Powershell window, still not confirmed to work in the articles context though sorry.

          Set-ExecutionPolicy Bypass -Scope Process

    5. Rick said on January 5, 2018 at 8:52 am
      Reply

      The matter of PCID is curious here, where I know a given CPU has it (e.g. i5-2500k), and tools like Coreinfo show that it’s there, but this script shows that line as False (and SpecuCheck, a similar utility to MS’s script, agrees).

    6. riri0 said on January 5, 2018 at 9:44 am
      Reply

      For people having issues getting step 6 to work, specifically with “Set-ExecutionPolicy RemoteSigned” command, you can follow instructions below to set it using Group Policy Editor.

      https://stackoverflow.com/questions/27753917/how-do-you-successfully-change-execution-policy-and-enable-execution-of-powershe

    7. Ivan said on January 5, 2018 at 11:37 am
      Reply

      How come the nuget repo is untrustworthy, if this is a script written by Microsoft?

      1. Heimen Stoffels said on January 5, 2018 at 1:14 pm
        Reply

        Maybe it’s an unstable/testing repo.

        1. Ivan said on January 5, 2018 at 1:18 pm
          Reply

          What does that have to do with SSL Certificates?

        2. Cristian said on January 12, 2018 at 3:43 pm
          Reply

          Indeed

    8. Ivan said on January 5, 2018 at 11:41 am
      Reply

      ASUS has not released a BIOS update for my board yet :(

      1. chesscanoe said on January 6, 2018 at 6:13 pm
        Reply

        My ASUS laptop does not have a firmware fix available either, as expected. I have an unanswered request for more information awaiting ASUS response.

        1. chesscanoe said on January 6, 2018 at 7:50 pm
          Reply

          https://www.asus.com/News/ last dated 2018-01-05 simply says “ASUS is aware that the current Intel® microcode version might be subject to recently identified security vulnerabilities.” ( Stay tuned….)

        2. ilev said on January 7, 2018 at 6:42 pm
          Reply

          This has nothing to do with Bios and can’t be fixed by firmware update.
          To be fixed you need a new CPU (for your PC, Smartphone, Tablet, SmartHome device..), without a bug, None is available, and won’t be for a long time.
          Those OS patches are just circumventing the bugs, not fixing anything.

        3. Lee said on January 8, 2018 at 7:36 am
          Reply

          There is no CPU to purchase that is not affected, and it will probably be five years before one hits the market. Good luck.

        4. Lee said on January 8, 2018 at 7:37 am
          Reply

          And yes, it can be fixed with BIOS and firmware updates. In fact, that is the ONLY way to fix it.

    9. Anonymous said on January 5, 2018 at 3:39 pm
      Reply

      “vulnerabilities in modern processors”

      First I don’t even know from what time a processor is called “modern”.

      1. ilev said on January 8, 2018 at 8:59 am
        Reply

        @Lee
        No, it can’t be fixed with Bios and firmware. The only way is to flush the CPU micro-code and re-install new code, which of course can’t be done by users.

    10. XenoSilvano said on January 5, 2018 at 3:42 pm
      Reply

      My prospects are undesirable for the time being, the latest update for the UEFI from the manufacturer of the computer I use is from last year

      many thanks for bring this to our attention Martin

    11. SFer said on January 5, 2018 at 4:03 pm
      Reply

      And for Ubuntu LINUX PCs?
      Anything we can/should do?

      Thks!

      1. JoHN5 said on January 5, 2018 at 6:21 pm
        Reply

        Ubuntu users can expect updated kernels by the original January 9, 2018 coordinated release date, and sooner if possible.
        https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/

        1. SFer said on January 6, 2018 at 4:57 pm
          Reply

          Thanks f/the quick reply, JoHN5.

          The UBUNTU tech folks
          will update 64-bit versions 1st (Jan 9…),
          and later (HOPEFULLY SOON!),
          will update the 32-bit versions of Ubuntu.
          (no ETA for that yet).

          We have a slew of PCs
          running 32-bit UBUNTU just fine
          but cannot afford to change all our hardware
          to run 64-bits…
          SO, hoping for soon…

    12. seeprime said on January 5, 2018 at 7:06 pm
      Reply

      ADWcleaner and Rogue Killer are good scanners to use to clean out a system, after cleaning out all system temp files. Rogue Killer is slow as molasses, and might cause some people to lose patience.

    13. IntelMelt said on January 6, 2018 at 11:32 am
      Reply

      Is my backup laptop/pc 2006 Intel Core 2 Duo CPU HP Pavilion affected? Good thing I dont often upgrade my pc, last I bought was their 2nd Gen i7 CPU(2010/11) w/c sadly is affected….

      Probably gonna move to AMD when I get a new powerbox pc and ditch the vulnerable 2010-2017 CPU’s.

      1. Lee said on January 8, 2018 at 7:37 am
        Reply

        There’s no CPU that isn’t affected, including AMD.

    14. Guest703 said on January 6, 2018 at 1:03 pm
      Reply

      Man it sure feels good to be Ryzen.

    15. Me said on January 6, 2018 at 3:43 pm
      Reply

      Ryzen is also reported to be affected by at least one of the three issues. So don’t be too smug.

      1. Arthur said on January 7, 2018 at 1:21 pm
        Reply

        Only Meltdown causes real performance loss and it only affects Intel. AMD has already released patches for Spectre, but those don’t cause drops in performance.

        … So yeah, feels good to be on Ryzen. :P

    16. iron2000 said on January 8, 2018 at 1:58 am
      Reply

      I think this is the list of motherboards ASUS will update with the Intel fix:
      https://www.asus.com/News/V5urzYAT6myCC1o2

      Looks like my motherboard is already not in support.
      I think many will be left vulnerable.

      1. Lee said on January 8, 2018 at 7:38 am
        Reply

        The vast majority of systems currently in use will not be patched. You’re out of luck if you’re using something more than 1-2 years old, and 2 is even stretching it. Extreme pressure would have to be put on these manufacturers to get them to do anything about systems older than that.

    17. and said on January 9, 2018 at 5:11 am
      Reply

      Question: Does the above apply to Windows 7 (Ultimate, X64, on a 2008 Tosh Satellite w/Intel)? I had same prob as Anonymous Nobody, top. I’ll send something in any case: VISA ok? This is so educationamal for a neophyte like moi. You guys keep my attention w/out cursing. You’re literate. 3rd such site I found today. Intelligence trending, or did I just get lucky?

    18. Fredrick said on January 9, 2018 at 12:39 pm
      Reply

      Great article. I’ve done all the updates (bios etc) for my i7-8700k Asus-Z370 Win10 system but still have two unresolved issues listing as “False”, they are:

      BTIDDisabledBySystemPolicy :False
      BTIDDisabledByNoHardwareSupport :False

      Any idea what these are and how they can be fixed? Or is it something which will have to come in a future bios or windows update? I’ve tried googling but it didn’t turn up much. Thanks.

      1. Martin Brinkmann said on January 9, 2018 at 12:49 pm
        Reply

        The vulnerability can only be fixed if software and hardware are patched. You need to wait for the hardware manufacturer to release an update as well.

    19. Sebasti said on January 11, 2018 at 12:39 pm
      Reply

      Odd… I’m not getting past Import-Module SpeculationControl.

      It gives me:
      “Import-Module : The specified module ‘SpeculationControl.’ was not loaded because no valid module file was found in any module directory.
      At line:1 char:1
      + Import-Module SpeculationControl.
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : ResourceUnavailable: (SpeculationControl.:String) [Import-Module], FileNotFoundException
      + FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand”

      Anyone got a clue as to what goes wrong here?

      1. Martin Brinkmann said on January 11, 2018 at 1:19 pm
        Reply

        Try re-running all commands. It seems that the download or integration was not successful.

    20. A different Martin said on January 12, 2018 at 2:55 am
      Reply

      MARTIN:

      In step 6, I think you need to change “Import-Module SpeculationChannel” to “Import-Module SpeculationControl”.

      1. BM said on January 12, 2018 at 3:29 am
        Reply

        @A Different Martin – I did this, since I was getting an error on SpeculationChannel (“SpeculationChannell was not loaded because no valid file was found”). However, no results… just the cmd prompt (C:\WINDOWS\system32>) reappeared.

        1. BM said on January 12, 2018 at 3:35 am
          Reply

          Resolved with re-running the commands yet again, as Martin B suggests immediately above.

      2. Martin Brinkmann said on January 12, 2018 at 7:01 am
        Reply

        Wow, you are right. Sorry for that and thanks for letting me know.

        1. A different Martin said on January 12, 2018 at 7:22 pm
          Reply

          No worries, Martin — it did no harm and it was easy enough for readers to figure out. I myself make that kind of whole-word-substitution typo increasingly often, possibly because my mind jumps ahead to the next thought while I’m still typing, my fingers go on auto-pilot, and their speculative-execution cache contains the wrong data. ;-)

          By the way, the “corrected” PowerShell commands worked fine for me, although as a first-time PowerShell user it did take me a second to figure out that of all of the PowerShell items returned by the Start Menu search, it was plain old “Windows PowerShell ISE” that I wanted and not the (x86) or Modules items.

          Unfortunately, I will apparently need an updated BIOS and firmware for full mitigation and I’m not confident that Lenovo will provide them for an 8-year-old laptop, even though it’s a ThinkPad T-series. But my laptop also has the Intel Management Engine vulnerability, so the more, the merrier, right? *Sigh*

    21. kronos said on January 15, 2018 at 10:04 am
      Reply

      To set the execution policy for current PowerShell session only (without affecting the registry), you can use this command:

      Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned

      This command does not affect the value in the registry. The variable and its value are deleted when the current session is closed.

      1. A different Martin said on January 15, 2018 at 4:47 pm
        Reply

        @kronos & @MARTIN:

        This would be a really useful change to implement to the article’s instructions. I checked my dad’s three laptops for Meltdown/Spectre vulnerabilities just yesterday, and I almost forgot to reset PowerShell’s execution policy to default on one of them. (I was doing a lot of other software maintenance on all three computers, hopping from one to the next to minimize downtime while an install, update, scan, or reboot proceeded. I was probably lucky that this was the *only* thing I almost forgot.)

        By the way, the Lenovo ThinkPad X1 Yoga (with a Skylake chipset, I believe) running Windows 10 passed the test, and the Dell Latitude E6510 and E6500 (with much older chipsets) running Windows 7 need new BIOSes/firmware. The Latitudes are relatively durable “business-class” laptops that are still working fine, but they’re getting old. It will be interesting to see whether Dell issues updated BIOSes for them. My personal observation is that Dell issues firmware and driver updates for Latitudes considerably less often and for a shorter period of time than Lenovo does for ThinkPads.

    Leave a Reply