
JBC

Meltdown/Spectre Application


Has anyone developed an application that will run the Get-SpeculationControl script from Microsoft and return useful results? I have a few ideas on how to do it.

I want to develop a script that checks if the computer is compliant and write a registry key which I can check for success/failure.

I am not sure how to design this since I would have to install the module on each computer as part of the application. 30% of my computers are offline most of the time which is why I want to do this with SCCM so it runs as they connect to the network.

If someone has already developed something that works I'd like to know how it was done.



4 hours ago, JBC said:

Has anyone developed an application that will run the Get-SpeculationControl script from Microsoft and return useful results? I have a few ideas on how to do it.

I want to develop a script that checks if the computer is compliant and write a registry key which I can check for success/failure.

I am not sure how to design this since I would have to install the module on each computer as part of the application. 30% of my computers are offline most of the time which is why I want to do this with SCCM so it runs as they connect to the network.

If someone has already developed something that works I'd like to know how it was done.

To be fair, I have not tested this method but I do not see a reason it would not work as long as the return codes are properly returned and captured during deployment.

I would use the application developed by Steve Gibson: https://www.grc.com/inspectre.htm. Don't let the basic website fool you, he is reputable.

Package that up in SCCM with the "probe" command, and based on the exit code returned to SCCM you should get a pretty good picture of which systems are vulnerable.

 

I just noticed in release #4, he gives you sample scripts you can use: https://www.grc.com/inspectre/InSpectre-Probe-Samples.zip

 

Release #4 — Silent System Probe Option:
When InSpectre is launched with the string “probe” in its command line, its Windows user interface will be suppressed and InSpectre will act like a command-line utility. It will assess its hosting system's status, then immediately terminate itself returning a decimal exitcode which encodes the eight “trouble bits” shown below, which itemizes any trouble. Therefore, for example, an exitcode of zero (0) is returned only by a fully secure system.
 

Decimal Value   Trouble Itemization
1               OS is not aware of the Meltdown vulnerability
2               OS is not aware of the Spectre vulnerability
4               The system is vulnerable to Meltdown
8               The system is vulnerable to Spectre
16              CPU does not support Spectre (microcode not updated)
32              CPU does not support low-overhead Meltdown protection
64              Meltdown protection disabled by registry setting
128             Spectre protection disabled by registry setting

 

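One way to do what the original post asks (run the probe, then write a registry value that SCCM can check), as an added example that is not part of any post in this thread and is not one of GRC's sample scripts. The script path and the registry key are hypothetical placeholders, and the script assumes it runs elevated, as an SCCM deployment in the SYSTEM context would.

```powershell
param(
    [string]$InSpectrePath = '.\InSpectre.exe',                   # placeholder path
    [string]$RegKey = 'HKLM:\SOFTWARE\ExampleOrg\InSpectreProbe'  # hypothetical key
)

# Trouble bits as listed in the Release #4 table quoted above.
$TroubleBits = @{
    1   = 'OS is not aware of the Meltdown vulnerability'
    2   = 'OS is not aware of the Spectre vulnerability'
    4   = 'The system is vulnerable to Meltdown'
    8   = 'The system is vulnerable to Spectre'
    16  = 'CPU does not support Spectre (microcode not updated)'
    32  = 'CPU does not support low-overhead Meltdown protection'
    64  = 'Meltdown protection disabled by registry setting'
    128 = 'Spectre protection disabled by registry setting'
}

function ConvertFrom-ProbeExitCode {
    param([int]$ExitCode)
    # Values outside 0..255 are not trouble bits (for example a failed launch).
    if ($ExitCode -lt 0 -or $ExitCode -gt 255) { throw "Unexpected exit code $ExitCode" }
    foreach ($bit in ($TroubleBits.Keys | Sort-Object)) {
        if ($ExitCode -band $bit) { $TroubleBits[$bit] }
    }
}

function Save-ProbeResult {
    param([int]$ExitCode)
    $issues = @(ConvertFrom-ProbeExitCode $ExitCode) -join '; '
    if (-not (Test-Path $RegKey)) { New-Item -Path $RegKey -Force | Out-Null }
    # Compliant = 1 only when the probe returned 0 (no trouble bits set).
    New-ItemProperty -Path $RegKey -Name ExitCode  -Value $ExitCode -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $RegKey -Name Compliant -Value ([int]($ExitCode -eq 0)) -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $RegKey -Name Issues    -Value $issues -PropertyType String -Force | Out-Null
}

if (Test-Path $InSpectrePath) {
    # InSpectre is a GUI program, so wait for it explicitly and read its exit code.
    $exe  = (Resolve-Path $InSpectrePath).Path
    $proc = Start-Process -FilePath $exe -ArgumentList 'probe' -Wait -PassThru
    Save-ProbeResult $proc.ExitCode
    exit $proc.ExitCode          # pass the code through to the deployment
} else {
    # Binary not present: decode a constructed sample value (16 + 64) instead.
    ConvertFrom-ProbeExitCode 80
}
```

A detection rule or compliance check can then read the `Compliant` value, while `Issues` keeps the decoded reasons for reporting.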

Thanks, this is what I was looking for. I love Steve Gibson. I listen to Security Now but forgot about this.


I found a CI from Microsoft that is even better.

https://gallery.technet.microsoft.com/Speculation-Execution-Side-1483f621

 


Good find!!

Your question sparked curiosity about our environment but we still have PowerShell 2.0 on Windows 7 systems.

2 minutes ago, teamfox201 said:

Good find!!

Your question sparked curiosity about our environment but we still have PowerShell 2.0 on Windows 7 systems.

I upgraded our Windows 7 computers to 4.0. It's pretty easy with ConfigMgr.
