L
Leamad
From MS info for IT tech "
Manage Speculative Store Bypass and mitigations around Spectre Variant 2 and Meltdown
Applies to: Windows 10, version 1803, Windows 10, version 1709, Windows 10, version 1703, Windows 10, version 1607, Windows 10, Windows 8.1, and Windows 7 SP1.
"
I sent GPO to install the registry values. Most machines are OK with reboot. But some are not and enter the startup repair dialog. I used the repair tools and checked the registry on several failing machines. FeatureSettingsOverride is set to 8. If I change it to 0 the machines will reboot. I checked a few unaffected machines and the value is 8. So far, affected machines are Win10 builds 1607 and 1703. So far no Win7, Win 8.1 or Win10 builds 1709/1803 machines have reported the problem, and I haven't verified if any Win10 build 1702/1607 machines have rebooted successfully after the GPO is installed. I have not correlated with install status of any MS patches. I suspect it's possible that affected machines have not installed the underlying patch. Considering the complexity of the Spectre/Meltdown class of vulnerabilities and the actions MS has taken I ask if anyone has experienced this problem and what they did to fix it.
Continue reading...
Manage Speculative Store Bypass and mitigations around Spectre Variant 2 and Meltdown
Applies to: Windows 10, version 1803, Windows 10, version 1709, Windows 10, version 1703, Windows 10, version 1607, Windows 10, Windows 8.1, and Windows 7 SP1.
- Enable mitigations around Speculative Store Bypass (CVE-2018-3639) together with mitigations around Spectre Variant 2 (CVE-2017-5715 "Branch Target Injection") and Meltdown (CVE-2017-5754) through the following registry settings (because they are not enabled by default).
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
"
I sent GPO to install the registry values. Most machines are OK with reboot. But some are not and enter the startup repair dialog. I used the repair tools and checked the registry on several failing machines. FeatureSettingsOverride is set to 8. If I change it to 0 the machines will reboot. I checked a few unaffected machines and the value is 8. So far, affected machines are Win10 builds 1607 and 1703. So far no Win7, Win 8.1 or Win10 builds 1709/1803 machines have reported the problem, and I haven't verified if any Win10 build 1702/1607 machines have rebooted successfully after the GPO is installed. I have not correlated with install status of any MS patches. I suspect it's possible that affected machines have not installed the underlying patch. Considering the complexity of the Spectre/Meltdown class of vulnerabilities and the actions MS has taken I ask if anyone has experienced this problem and what they did to fix it.
Continue reading...