You have probably already heard of the “ZombieLoad” or microarchitectural data sampling (MDS) vulnerability. This post shows how to check whether a Windows system is vulnerable, according to the released security advisories, using the Get-SpeculationControlSettings PowerShell script. This check is part of the recommended actions in the Microsoft guidelines; many readers asked about this step, so I decided to publish these simple steps to help them understand it.
Recent operating systems can install and import the module from the PowerShell Gallery; for older operating systems, the script can be downloaded here.
The script covers nine security vulnerabilities:
- CVE-2017-5715 (branch target injection)
- CVE-2017-5753 (bounds check bypass)
- CVE-2017-5754 (rogue data cache load)
- CVE-2018-3639 (speculative store bypass)
- CVE-2018-3620 (L1 terminal fault – OS)
- CVE-2018-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM))
- CVE-2018-12126 (Microarchitectural Store Buffer Data Sampling (MSBDS))
- CVE-2018-12127 (Microarchitectural Load Port Data Sampling (MLPDS))
- CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling (MFBDS))
Protection for CVE-2017-5753 (bounds check) does not require additional registry settings or firmware updates.
How To Work With The Script
To install the PowerShell module, execute the command below:
Install-Module SpeculationControl
Make sure the execution policy is set to “RemoteSigned” before running the script, if it is currently set to a different policy.
Use the command below to save the current policy setting to a variable if you need to reset it after running the script:
$SaveExecutionPolicy = Get-ExecutionPolicy
Set the execution policy for the current user with the command below:
Set-ExecutionPolicy RemoteSigned -Scope Currentuser
The screen capture below shows the complete steps up to this point.

Import the module:
Import-Module SpeculationControl
Run the command below to check the status of the settings:
Get-SpeculationControlSettings
Here is sample output from one of the Windows systems on which I ran the script earlier:

If you need to reset the execution policy back to its previous setting, execute the command below:
Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

Now you can check the security status of the system
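
The steps above combined into one script, as an added example that is not part of the original post or of the SpeculationControl module: it restores the execution policy in a finally block and turns the result object into one verdict per mitigation. It assumes Get-SpeculationControlSettings returns a single object carrying the property names listed in the table; Get-MitigationVerdict and the $checks table are hypothetical helpers, and any property a module version lacks is reported as such.

```powershell
# Added example: not from the original post or the SpeculationControl module.
# Assumption: the property names below are the ones the module's result object
# exposes; a name that is absent is reported instead of being guessed.
$scope = 'CurrentUser'
$saved = Get-ExecutionPolicy -Scope $scope   # this scope only, so the restore is exact

# "Needed"  = property saying the hardware/OS requires the mitigation
# "Enabled" = property saying Windows has the mitigation switched on
$checks = @(
    @{ Name = 'CVE-2017-5715 branch target injection';  Needed = $null;                    Enabled = 'BTIWindowsSupportEnabled' }
    @{ Name = 'CVE-2017-5754 rogue data cache load';    Needed = 'KVAShadowRequired';      Enabled = 'KVAShadowWindowsSupportEnabled' }
    @{ Name = 'CVE-2018-3639 speculative store bypass'; Needed = 'SSBDHardwareVulnerable'; Enabled = 'SSBDWindowsSupportEnabledSystemWide' }
    @{ Name = 'CVE-2018-3620 L1 terminal fault';        Needed = 'L1TFHardwareVulnerable'; Enabled = 'L1TFWindowsSupportEnabled' }
    @{ Name = 'MDS (the four MDS CVEs)';                Needed = 'MDSHardwareVulnerable';  Enabled = 'MDSWindowsSupportEnabled' }
)

function Get-MitigationVerdict {
    param($Settings, $Check)
    $names = $Settings.PSObject.Properties.Name
    if ($names -notcontains $Check.Enabled) { return 'not reported by this module version' }
    if ($Check.Needed -and ($names -contains $Check.Needed) -and -not $Settings.($Check.Needed)) {
        return 'not required on this hardware'
    }
    if ($Settings.($Check.Enabled)) { return 'mitigation enabled' }
    return 'mitigation NOT enabled'
}

try {
    Set-ExecutionPolicy RemoteSigned -Scope $scope -Force
    Import-Module SpeculationControl -ErrorAction Stop
    $settings = Get-SpeculationControlSettings
    foreach ($check in $checks) {
        [pscustomobject]@{
            Mitigation = $check.Name
            Verdict    = Get-MitigationVerdict -Settings $settings -Check $check
        }
    }
}
finally {
    # Runs even if the import or the check fails, so the policy is never left changed.
    Set-ExecutionPolicy $saved -Scope $scope -Force
}
```

Rows marked "mitigation NOT enabled" are the ones to compare against the registry and firmware guidance in the Microsoft advisories.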