About CPU bug aka #Meltdown / #Spectre

  • What are the vulnerabilities?
    • CVE-2017-5715 – (Spectre), branch target injection
    • CVE-2017-5753 – (Spectre), bounds check bypass
    • CVE-2017-5754 – (Meltdown), rogue data cache load, memory access permission check performed after kernel memory read
  • Where to start? What about reading the following posts?

This isn’t an exhaustive list of posts, it’s just a starting point. These vulnerabilities have the widest scope I’ve ever seen and show how fragile IT devices and software are is. I should probably start distributing stickers sayin ‘Human error inside’ 😉

  • What should I do? What’s the plan?

While it isn’t just a Microsoft issue, a PM.org list member (Mike) provided the following plan for Windows based computers:

Please note that you’ll need a microcode update or firmware update from your device manufacturer to be able to fully mitigate these vulnerabilities whatever OS and software you run.

If you run an Antivirus (AV) software (you should), please make sure it’s compatible with the security fixes released by software or OS vendors.

  • Where do I find the SpeculationControl PowerShell module provided by the MSRC?

The PowerShell gallery hosts the module: https://www.powershellgallery.com/packages/SpeculationControl

The MSRC also released a zip version of it that you’ll find on https://aka.ms/SpeculationControlPS

  • How do I use this module?

It may not be that easy and straightforward as you may think, when you’re supposed to start by installing the module with the following command

# Open a PowerShell prompt and type:
Install-Module SpeculationControl

Why? Because it depends on the version of PowerShell you run, if you run the console with elevated admin privileges, whether the Nuget provider has already been bootstraped or not… (see more on my Inside the Nuget bootstraping process post)

Here’s what I did on my Windows 10 (1709) where the Nuget provider wasn’t present:


# 1. Download the nuget provider dll
Invoke-WebRequest -Uri `
https://oneget.org/Microsoft.PackageManagement.NuGetProvider-2.8.5.207.dll `
-OutFile `
~/downloads/Microsoft.PackageManagement.NuGetProvider.dll

# 2. Check the integrity of the downloaded file 
(Get-FileHash ~/downloads/Microsoft.PackageManagement.NuGetProvider.dll -Algorithm SHA512 | Select -Expand Hash).ToLower() -eq 
'c68f9be28eb338abc0200e93a089188a734c6b13c59f3c0eb9bb79898e9bee8a5b50bf4b6e4eeaeee687d8cad927d5cfa8ec25e591de0d8ac745b19ae66ab006'

# 3. Create a destination folder
mkdir "C:\Program Files\PackageManagement\ProviderAssemblies\nuget\2.8.5.207"

# 4. Copy the dll file to this folder
copy ~/downloads/Microsoft.PackageManagement.NuGetProvider.dll  `
-Destination "C:\Program Files\PackageManagement\ProviderAssemblies\nuget\2.8.5.207"

# 5. Load the dll
Import-PackageProvider -Name Nuget -Verbose

# 6. Save the module from the powershellgallery.com
Save-Module -Name SpeculationControl -Repository  PsGallery -Verbose -Path ~/Downloads

# 7. Change the execution policy for the current console
Set-ExecutionPolicy  -Scope Process -ExecutionPolicy Bypass

# 8. Import the module (version 1.0.1 in my case)
Import-Module ~\Downloads\SpeculationControl\1.0.1\SpeculationControl.psd1 -Verbose

# 9. Use it 
Get-SpeculationControlSettings

  • How do I use the module against remote computers?

A fellow MVP Mike F. Robbins shows a nice way to achieve this on his blog:
Using PowerShell to Check Remote Windows Systems for CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre)

  • How do I follow the changes in the SpeculationControl module?

Well you can’t. The MSRC hasn’t indicated a ProjectURI in the metadata of the module 😦

I’ve saved all the versions from the PowerShell Gallery and pushed them into a github repo.

As of version 1.0.2, the module hosted on the PSGallery is digitally signed.

You can now check what changed using diff on the different commits: https://github.com/p0w3rsh3ll/MSRC-SpeculationControl/commits/master 🙂

Advertisements

16 thoughts on “About CPU bug aka #Meltdown / #Spectre

  1. Many thanks for this great overview and required actions to take. It’s frightened to see after so many years of security awareness and high investments, our systems are still so vulnerable..security is sadly no more than an illusion.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s