Loading Posts...

How To Check Vulnerable Status For Windows Systems With Get-SpeculationControlSettings PowerShell Script

I hope you already heard the “ZombiLoad” or microarchitectural data sampling (MDS) vulnerability and this post is to Check Vulnerable Status For Windows Systems against the released security advisories with Get-SpeculationControlSettings PowerShell script. Actually, this was a part of the recommended actions in the Microsoft guidelines, many readers asked about this step and I thought to publish these simple steps for them to understand.

Latest operating systems can use the PowerShell Gallery to import and install the modules otherwise, for old operating systems script can be downloaded here.

Basically, nine Security vulnerabilities are covered in this script

  • CVE-2017-5715 (branch target injection)
  • CVE-2017-5753 (bounds check bypass)
  • CVE-2017-5754 (rogue data cache load)
  • CVE-2018-3639 (speculative store bypass)
  • CVE-2018-3620 (L1 terminal fault – OS)
  • CVE-2018-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM))
  • CVE-2018-12126 (Microarchitectural Store Buffer Data Sampling (MSBDS))
  • CVE-2018-12127 (Microarchitectural Load Port Data Sampling (MLPDS))
  • CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling (MFBDS))

Protection for CVE-2017-5753 (bounds check) does not require additional registry settings or firmware updates.


How To Work With The Script

To install the PowerShell module execute the below command

Install-Module SpeculationControl

Make sure to set the Execution Policy to to “RemoteSigned”, if it set to a different policy prior to the script execution

Use below piece of command to save the current policy setting to a variable if you need reset after the Script execution

$SaveExecutionPolicy = Get-ExecutionPolicy

Set the execution policy to the current user with the below command

Set-ExecutionPolicy RemoteSigned -Scope Currentuser

Below screen capture shows the complete steps up to this point

Check Vulnerable Status For Windows Systems : Install Modules

Import the module

Import-Module SpeculationControl

Run the below command to check the setting status


Here is a sample output of one of the Windows system, which I executed earlier

Check Vulnerable Status For Windows Systems Get the Status

If you need to rest the execution policy back to the same setting execute the below command

Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser
Check Vulnerable Status For Windows Systems Reset execution policy

Now you can check the security status of the system

Click to rate this post!
[Total: 10 Average: 4.6]

Aruna Fernando

"Sharing knowledge doesn't put your job at risk - iron sharpen iron" I heard this and it's true.

Get Updates Directly To Your Inbox!


Leave a Comment

Loading Posts...