Checking Hardware Vulnerability to Spectre and Meltdown
Microsoft released a module a couple of years ago (updated 3 weeks ago) that you can use to identify whether your hardware is vulnerable against Spectre and Meltdown threats. To try this, install the module from the PowerShell Gallery:
To run the test suite and see results, then type this
PS> Get-SpeculationControlSettings
This shows the test results for your machine and may look similar to this
For more information about the output below, please refer to https://support.microsoft.com/help/4074629Speculation control settings for CVE-2017-5715 [branch target injection]Hardware support for branch target injection mitigation is present: TrueWindows OS support for branch target injection mitigation is present: TrueWindows OS support for branch target injection mitigation is enabled: TrueSpeculation control settings for CVE-2017-5754 [rogue data cache load]Hardware is vulnerable to rogue data cache load: FalseHardware requires kernel VA shadowing: FalseSpeculation control settings for CVE-2018-3639 [speculative store bypass]Hardware is vulnerable to speculative store bypass: TrueHardware support for speculative store bypass disable is present: TrueWindows OS support for speculative store bypass disable is present: TrueWindows OS support for speculative store bypass disable is enabled system-wide: FalseSpeculation control settings for CVE-2018-3620 [L1 terminal fault]Hardware is vulnerable to L1 terminal fault: FalseSpeculation control settings for MDS [microarchitectural data sampling]Windows OS support for MDS mitigation is present: TrueHardware is vulnerable to MDS: FalseSpeculation control settings for SBDR [shared buffers data read]Windows OS support for SBDR mitigation is present: TrueHardware is vulnerable to SBDR: TrueWindows OS support for SBDR mitigation is enabled: FalseSpeculation control settings for FBSDP [fill buffer stale data propagator]Windows OS support for FBSDP mitigation is present: TrueHardware is vulnerable to FBSDP: TrueWindows OS support for FBSDP mitigation is enabled: FalseSpeculation control settings for PSDP [primary stale data propagator]Windows OS support for PSDP mitigation is present: TrueHardware is vulnerable to PSDP: TrueWindows OS support for PSDP mitigation is enabled: FalseSuggested actions * Follow the guidance for enabling Windows Client support for speculation control
mitigations described in https://support.microsoft.com/help/4073119BTIHardwarePresent : TrueBTIWindowsSupportPresent : TrueBTIWindowsSupportEnabled : TrueBTIDisabledBySystemPolicy : FalseBTIDisabledByNoHardwareSupport : FalseBTIKernelRetpolineEnabled : FalseBTIKernelImportOptimizationEnabled : TrueRdclHardwareProtectedReported : TrueRdclHardwareProtected : TrueKVAShadowRequired : FalseKVAShadowWindowsSupportPresent : TrueKVAShadowWindowsSupportEnabled : FalseKVAShadowPcidEnabled : FalseSSBDWindowsSupportPresent : TrueSSBDHardwareVulnerable : TrueSSBDHardwarePresent : TrueSSBDWindowsSupportEnabledSystemWide : FalseL1TFHardwareVulnerable : FalseL1TFWindowsSupportPresent : TrueL1TFWindowsSupportEnabled : FalseL1TFInvalidPteBit : 0L1DFlushSupported : TrueHvL1tfStatusAvailable : TrueHvL1tfProcessorNotAffected : TrueMDSWindowsSupportPresent : TrueMDSHardwareVulnerable : FalseMDSWindowsSupportEnabled : FalseFBClearWindowsSupportPresent : TrueSBDRSSDPHardwareVulnerable : TrueFBSDPHardwareVulnerable : TruePSDPHardwareVulnerable : TrueFBClearWindowsSupportEnabled : FalsePS>