N
Neil D Smith
some one had similar issue, I posted there but someone suggested I start a new post.
general specs.
server 2016 (problem happening on any server that has hyper - v)
intel
hyper-v manager it says install
we have a patch report that is saying the hyper-v manager servers needs:
need to install KB4343887 but first pre-req install KB4132216, I ran the install on both they both say not applicable
research also says the below reg keys should be changed:
"To properly enable mitigation for vulnerabilities patched in this update,
the following registry keys must be set according to vendor documentation:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Memory Management\FeatureSettingsOverride
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Memory Management\FeatureSettingsOverrideMask
Computer\HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Virtualization\MinVmVersionForCpuBasedMitigations"
Your current settings:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management\FeatureSettingsOverride : 72
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management\FeatureSettingsOverrideMask : 3
See Microsoft KB Articles 4073119 and 4072698 for more details"
The articles did not have a definitive direction, I found information
saying that last reg entry setting
Computer\HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Virtualization\MinVmVersionForCpuBasedMitigations
should be
/t REG_SZ /d "1.0" /f
or
1
I tried both settings but the server keeps coming back on a need patch report
for that initial issue. anyway to disable it? or a general setting to make it not appear on report.
Continue reading...
general specs.
server 2016 (problem happening on any server that has hyper - v)
intel
hyper-v manager it says install
we have a patch report that is saying the hyper-v manager servers needs:
need to install KB4343887 but first pre-req install KB4132216, I ran the install on both they both say not applicable
research also says the below reg keys should be changed:
"To properly enable mitigation for vulnerabilities patched in this update,
the following registry keys must be set according to vendor documentation:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Memory Management\FeatureSettingsOverride
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Memory Management\FeatureSettingsOverrideMask
Computer\HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Virtualization\MinVmVersionForCpuBasedMitigations"
Your current settings:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management\FeatureSettingsOverride : 72
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management\FeatureSettingsOverrideMask : 3
See Microsoft KB Articles 4073119 and 4072698 for more details"
The articles did not have a definitive direction, I found information
saying that last reg entry setting
Computer\HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Virtualization\MinVmVersionForCpuBasedMitigations
should be
/t REG_SZ /d "1.0" /f
or
1
I tried both settings but the server keeps coming back on a need patch report
for that initial issue. anyway to disable it? or a general setting to make it not appear on report.
Continue reading...