SpeculationControl: Use PowerShell to Check for Risks

Checking Hardware Vulnerability to Spectre and Meltdown

Microsoft released a module a couple of years ago (updated 3 weeks ago) that you can use to identify whether your hardware is vulnerable against Spectre and Meltdown threats. To try this, install the module from the PowerShell Gallery:

Install-Module -Name SpeculationControl -Scope CurrentUser

To run the test suite and see results, then type this

 
PS> Get-SpeculationControlSettings

This shows the test results for your machine and may look similar to this

 
For more information about the output below, please refer to https://support.microsoft.com/help/4074629
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware is vulnerable to rogue data cache load: False
Hardware requires kernel VA shadowing: False
Speculation control settings for CVE-2018-3639 [speculative store bypass]
Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: False
Speculation control settings for CVE-2018-3620 [L1 terminal fault]
Hardware is vulnerable to L1 terminal fault: False
Speculation control settings for MDS [microarchitectural data sampling]
Windows OS support for MDS mitigation is present: True
Hardware is vulnerable to MDS: False
Speculation control settings for SBDR [shared buffers data read]
Windows OS support for SBDR mitigation is present: True
Hardware is vulnerable to SBDR: True
Windows OS support for SBDR mitigation is enabled: False
Speculation control settings for FBSDP [fill buffer stale data propagator]
Windows OS support for FBSDP mitigation is present: True
Hardware is vulnerable to FBSDP: True
Windows OS support for FBSDP mitigation is enabled: False
Speculation control settings for PSDP [primary stale data propagator]
Windows OS support for PSDP mitigation is present: True
Hardware is vulnerable to PSDP: True
Windows OS support for PSDP mitigation is enabled: False
Suggested actions
 * Follow the guidance for enabling Windows Client support for speculation control 
mitigations described in https://support.microsoft.com/help/4073119
BTIHardwarePresent                  : True BTIWindowsSupportPresent            : True BTIWindowsSupportEnabled            : True BTIDisabledBySystemPolicy           : False BTIDisabledByNoHardwareSupport      : False BTIKernelRetpolineEnabled           : False BTIKernelImportOptimizationEnabled  : True RdclHardwareProtectedReported       : True RdclHardwareProtected               : True KVAShadowRequired                   : False KVAShadowWindowsSupportPresent      : True KVAShadowWindowsSupportEnabled      : False KVAShadowPcidEnabled                : False SSBDWindowsSupportPresent           : True SSBDHardwareVulnerable              : True SSBDHardwarePresent                 : True SSBDWindowsSupportEnabledSystemWide : False L1TFHardwareVulnerable              : False L1TFWindowsSupportPresent           : True L1TFWindowsSupportEnabled           : False L1TFInvalidPteBit                   : 0 L1DFlushSupported                   : True HvL1tfStatusAvailable               : True HvL1tfProcessorNotAffected          : True MDSWindowsSupportPresent            : True MDSHardwareVulnerable               : False MDSWindowsSupportEnabled            : False FBClearWindowsSupportPresent        : True SBDRSSDPHardwareVulnerable          : True FBSDPHardwareVulnerable             : True PSDPHardwareVulnerable              : True FBClearWindowsSupportEnabled        : False

PS>

Tweet this Tip!