[Guide] Everything You Need to Know About Meltdown and Spectre Vulnerabilities

Recently I got an email from a reader “Evan” who wanted a simple, easy to understand and complete guide about recently discovered Meltdown and Spectre vulnerabilities. A guide which covers everything such as what are these vulnerabilities, how dangerous they are, how to fix them, etc.

So today I decided to compile this guide to cover everything which you need to know about these vulnerabilities. I’ll try my best to talk about each and everything related to these vulnerabilities.

Let’s start the guide:

Advertisement

What are Meltdown and Spectre Vulnerabilities?

Meltdown and Spectre also known as “Speculative Execution Side-Channel Attacks” are critical vulnerabilities in modern processors i.e. CPUs which can allow hackers/attackers to read your computer memory which can provide sensitive data to attackers such as passwords, photos, emails, addresses, important documents, etc. These vulnerabilities are not only limited to computers but also affect mobile devices and cloud services.

According to the researches, Meltdown vulnerability affects Intel processors only. It is unclear at the moment whether AMD processors are also affected by Meltdown. According to ARM, some of their processors are also affected.

On the other hand, Spectre vulnerability affects almost every system whether its a desktop, laptop, smartphone or cloud server. All modern processors are potentially vulnerable. Spectre vulnerability has been verified on Intel, AMD, and ARM processors.

How to Find Out If Windows PC is Affected by These Vulnerabilities?

Microsoft has provided a PowerShell script to know whether a Windows PC is vulnerable and if the protections are enabled.

You need to follow a few simple steps as mentioned below:

STEP 1:

First of all open Powershell as Administrator. If you are using Windows 10, you can access it using WIN+X menu. Press WIN+X keys together and select “Windows PowerShell (Admin)” option.

Advertisement

Alternatively, open Start Menu and type powershell. It’ll automatically start searching for the program and will show PowerShell in search results. Now press Ctrl+Shift+Enter keys together to launch PowerShell as Administrator. Or you can right-click on PowerShell entry and select “Run as Administrator” option.

STEP 2:

Now run following command in PowerShell window:

Install-Module SpeculationControl

You’ll get a prompt “NuGet provider is required to continue”. Press ‘Y‘ key and then Enter key to continue.

You’ll get another prompt “Untrusted Repository”. Press ‘Y‘ key and then Enter key to continue.

STEP 3:

Now run following command:

Set-ExecutionPolicy RemoteSigned

You’ll get a prompt “Execution Policy Change”. Press ‘Y‘ key and then Enter key to continue.

STEP 4:

Now run following commands one by one:

Import-Module SpeculationControl

Get-SpeculationControlSettings

Check_Meltdown_Spectre_Vulnerabilities_Protection_PowerShell.png

PowerShell window will display information about available protections divided into 2 sections which will look like as following:

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True

Windows OS support for kernel VA shadow is present: True

Windows OS support for kernel VA shadow is enabled: True

Windows OS support for PCID optimization is enabled: True

If a protection is enabled, it’ll appear as “True“. A “False” result indicates that the protection is not enabled.

STEP 5:

At last run following command:

Set-ExecutionPolicy Restricted

It’ll set the execution policy back to default settings. Thanks to “Adam” for the tip.

How to Fix These Vulnerabilities?

All companies are releasing updates, patches for their software, hardware, operating systems to fix these vulnerabilities.

Fixes for Operating Systems:

Various Linux distributions are continuously releasing updates to patch these vulnerabilities. Apple has also released updates for MacOS and Safari browser.

Microsoft has also released security updates for Windows 7, Windows 8.1 and Windows 10 to fix these vulnerabilities.

If you are using these Windows OS, you can install the updates automatically using Windows Updates. But if you have disabled Windows Updates or if you want to manually install these updates in several machines, you can download the updates from following links:

Download Security Updates for Windows 7

NOTE for Windows 7 Users: Your computer will receive the security update only if it contains a required registry key as mentioned in following article:

[Important Fix] Windows 7 With No (or Incompatible) Antivirus Not Receiving New Updates

Download Security Updates for Windows 8.1

Download Security Updates for Windows 10 Fall Creators Update (version 1709)

Download Security Updates for Windows 10 Creators Update (version 1703)

Above update also contains updates for Windows 10 Mobile build 15063.850 released on January 5, 2018.

Download Security Updates for Windows 10 Anniversary Update (version 1607)

Above update also applies to Windows Server 2016 and Windows 10 Mobile released in August 2016. It also contains updates for Windows 10 Mobile build 14393.2007 released on January 5, 2018.

Download Security Updates for Windows 10 November Update (version 1511)

Above update can be applied to Windows 10 Enterprise and Windows 10 Education editions only. This update isn’t applicable to Windows 10 Pro or Windows 10 Home editions.

Download Security Updates for Windows 10 Enterprise version 1507 released in July 2015

There are no updates available for Windows XP and Windows Vista yet.

Very soon Microsoft will release updates for Surface devices. The Surface devices which will receive the update are as following: Surface Pro 3, Surface Pro 4, Surface Book, Surface Studio, Surface Pro Model 1796, Surface Laptop, Surface Pro with LTE Advanced and Surface Book 2.

Fixes for Web Browsers:

The web browsers are also affected by these vulnerabilities.

The above mentioned updates for Windows OS also patch built-in Internet Explorer and Microsoft Edge web browsers to fix these vulnerabilities.

Mozilla has released version 57.0.4 for their web browser Firefox to fix these vulnerabilities.

Google has not released any update for Chrome browser yet. The updates for Chrome will be released later this month on January 23, 2018 when Chrome 64 will be released.

UPDATE (Jan 24, 2018): Chrome 64 is now available for download which comes with mitigation for the Meltdown and Spectre vulnerabilities.

Chrome and other Chromium based browsers (Opera, Vivaldi, etc) users can also enable an optional feature “Site Isolation” which can mitigate exploitation of these vulnerabilities as suggested by Chromium project team.

To enable this feature, follow these simple steps:

1. Open web browser and paste following string in address bar:

chrome://flags/#enable-site-per-process

2. Press Enter and it’ll open Chrome’s flags page. Click on Enable link given below the “Strict site isolation” option.

Enable_Strict_Site_Isolation_Google_Chrome.png

3. It’ll ask to restart browser to take effects.

After restart, it’ll enable the site isolation feature.

The above mentioned method will work on all Chromium based browsers such as Google Chrome, Opera, Vivaldi, etc.

[ADVANCED] Manual Fix for Windows Operating System

Advanced users can also modify Windows Registry to fix these vulnerabilities. If you are familiar with registry editing, follow these steps:

1. Press “WIN+R” key combination to launch RUN dialog box then type regedit and press Enter. It’ll open Registry Editor.

2. Now go to following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

3. In right-side pane, create two new DWORDs with the name as following:

FeatureSettingsOverride

FeatureSettingsOverrideMask

Leave the value of FeatureSettingsOverride to 0 but change the value of FeatureSettingsOverrideMask to 3

Fix_Meltdown_Spectre_Vulnerabilities_Windows_Registry.png

4. Restart your computer to take effects.

NOTE: If you are not familiar with Registry editing and want a ready-made Registry script to do the task automatically, download following ZIP file, extract it and run the extracted REG file. It’ll ask for confirmation, accept it:

PS: You should also check out your computer manufacturer website for BIOS and other driver updates available to fix these vulnerabilities.

Published in: Google Chrome, Opera, Troubleshooting Guides, Windows 10, Windows 7, Windows 8

About the author: Vishal Gupta (also known as VG) has been awarded with Microsoft MVP (Most Valuable Professional) award. He holds Masters degree in Computer Applications (MCA). He has written several tech articles for popular newspapers and magazines and has also appeared in tech shows on various TV channels.

Comments

NOTE: Older comments have been removed to reduce database overhead.

  1. Can you explain little more about these two registry keys ( FeatureSettingsOverride and FeatureSettingsOverrideMask ) ?

    By adding these two registry keys, “Will it do anything to the Windows 10 kernel?”

    Thanks!

  2. Your article is very well written however you have overlooked one very important thing and that is that if a user is running an anti-virus program that is not compatible with the updates and the user manually downloads the updates, the next time the user starts there computer they will be presented with a Blue Screen of Death!! I do not know why this happens but I do know that it is true.

  3. Also, I would like to add that you should tell people to set their Execution Policy back to Restricted by typing “Set-ExecutionPolicy Restricted”. Otherwise, they will be leaving their computer vulnerable!

  4. ^^ Thanks for the heads up. Added to the article. Regarding antivirus issue, that is not true. The BSOD issues occurred for a few users due to incompatibilities between updates and the processor model. Now the issue has been fixed in the update.

    @Curious
    Following is official description of the keys from Microsoft:

    FeatureSettingsOverride represents a bitmap that overrides the default setting and controls which mitigations will be disabled. Bit 0 controls the mitigation corresponding to CVE-2017-5715 and Bit 1 controls the mitigation corresponding to CVE-2017-5754. The bits are set to “Zero” to enable the mitigation and to “One” to disable the mitigation.

    FeatureSettingsOverrideMask represents a bitmap mask that is used in conjunction with FeatureSettingsOverride and in this case, using the value 3 (0x11) which indicates the first two bits that correspond to the available mitigations.

  5. Fixed or Not? I followed the instructions and got 4 “False” notifications as a result of STEP 4 of the procedure. See image: s10.postimg.org/82h3c845l/Spectre_Malware_1.jpg
    Since I have the proper Windows Update in this regard, I applied the “[ADVANCED] Manual Fix for Windows Operating System” to the registry and restarted. I then went through the procedure again and I still have the 4 “False” notifications.

    Also, when running the procedure the second time it appears to me that STEP 5, “It’ll set the execution policy back to default settings”, is not functioning properly. When I ran STEP 2 and STEP 3 the second time I did not get the prompts noted in the instructions that I got when I ran the commands the first time.

    I’m concerned, I really don’t know what effect the changes you recommended will have in regard to Meltdown and Spectre Vulnerabilities or to the functioning of my OS (Win10 Pro 1709 Build 16299.192).

  6. ^^ Don’t worry about those warnings. The main thing to notice is the protection status shown under following 2 sections:

    Speculation control settings for CVE-2017-5715 [branch target injection]
    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Regarding prompts, you’ll not get the prompts, if you run the commands again as the required module has already been downloaded on your computer.

    If you have successfully installed updates and applied registry script, you are safe. And don’t run the powershell commands multiple times.

  7. If we’d already had updates you mentioned installed do we still need apply those registry fix?

  8. ^^ Registry fixes are optional if updates have been installed. But you can apply them if you are worried.

  9. Thanks for all of the wonderful input–for this and everything else!
    This article awoke my curiosity regarding Windows PowerShell and I started to investigate.
    I was missing some Help files, and according to the directions, typed the Command:

    Update-Help

    Now, it took a couple of minutes on a fairly fast pipe, but now I’ve got everything I need to ask PowerShell about itself.

    P.S. If you get an error about not being able to download any particular module, just rerun the

    Update-Help

    command, and don’t do anything else on your computer while it is working…(I was hogging the network at the time I received my error, and PowerShell couldn’t get what it wanted, so I just reran the command, and it only updated what was missing and was very fast about it!)

Leave a Comment

Your email address will not be published. Required fields are marked *

NOTE: Your comment may not appear immediately. It'll become visible once we approve it.