New PowerShell Script Helps Detect Meltdown and Spectre on Windows 10

news Jan 11, 2018

Earlier this week we told you guys about the Meltdown and Spectre Intel Security Bug.  In that article, you learned what Meltdown is and how to verify your Windows 10 PC is patched against the vulnerability.

It turns out that even if you have the patch installed, your PC still might be susceptible to the Meltdown and Spectre bugs.  The reason is that you need to install a UEFI or BIOS update from your PC manufacturer to permanently close the hole.

The UEFI/BIOS update contains CPU microcode that is specific to your CPU.

Before we get into doing that, Microsoft released a Meltdown PowerShell script that does an in-depth check of your system to help you verify if protections are enabled.

How to Use PowerShell to Verify Meltdown Protections

This fix only applies to Windows 10 machines.  Windows 7 users will need to upgrade PowerShell to version 5.0 by downloading and installing the Windows Management Framework 5.0 first.

Alright, so in Windows 10, press the Windows Key + x and then hit the letter "a". Alternately, you can hit the Windows Key, type "cmd" and then press Ctrl + Shift + Esc.

This should open an elevated command prompt. In this prompt type:

powershell.exe

Good, now we need to install the PowerShell module from Microsoft that performs the checks.  Type this into the command prompt:

Install-Module SpeculationControl

You'll most likely see a prompt to install a NuGet provider.  Go ahead and hit the "y" key to continue.

Then answer yes to trust the repository...

Next we need to save the current PowerShell execution policy so we can go back to it later:

$SavedExecutionPolicy = Get-ExecutionPolicy

Then we'll temporarily change the policy to allow our Spectre PowerShell script to run.

Set-ExecutionPolicy RemoteSigned -Scope Currentuser

Running the SpeculationControl Script

Now we're ready to run this script.  Let's import the module:

Import-Module SpeculationControl

Now let's see what we can do:

Get-SpeculationControlSettings

We need a couple of items to be True (in other words, in green) to be protected from Spectre and Meltdown.

First up:

  • Hardware support for branch target injection mitigation is present:

We want this to be true.  This is the indicator for the UEFI or BIOS firmware fix.  You need this to be true in order to be fully protected against Spectre attacks.

Secondly:

  • Windows OS support for branch target injection mitigation is present:

This is a check to make sure your PC is protected against both the Meltdown and Spectre attacks.  It tells you that you have the Windows 10 Meltdown and Spectre patch installed.  

Now let's return our execution policy back to normal and talk about what we can do to get your PC fixed.

Set-ExecutionPolicy $SavedExecutionPolicy -Scope Currentuser
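
The steps above collected into one function, as an added example that is not part of the original article or of Microsoft's module. It assumes SpeculationControl is already installed and that the object returned by Get-SpeculationControlSettings exposes the BTIHardwarePresent and BTIWindowsSupportPresent properties; the function name Test-SpeculationControl is hypothetical. It saves the CurrentUser-scope policy (the scope being changed) and restores it in a finally block so the policy goes back even if the check fails.

```powershell
# Added example: run the SpeculationControl check and always restore the execution policy.
# Assumption: Install-Module SpeculationControl has already been run in this session or earlier.
function Test-SpeculationControl {
    # Read the policy for the same scope we are about to change, so the restore is exact.
    $saved = Get-ExecutionPolicy -Scope CurrentUser
    try {
        # Temporarily allow the module's script to run for this user.
        Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
        Import-Module SpeculationControl -ErrorAction Stop

        # The cmdlet prints its colored report and also returns an object (assumed properties below).
        $s = Get-SpeculationControlSettings

        # Map the two lines the article discusses to the action each one calls for.
        $checks = @(
            [pscustomobject]@{
                Check  = 'Hardware support for branch target injection mitigation is present'
                Passed = [bool]$s.BTIHardwarePresent
                Action = 'Install the UEFI/BIOS update from the PC manufacturer'
            },
            [pscustomobject]@{
                Check  = 'Windows OS support for branch target injection mitigation is present'
                Passed = [bool]$s.BTIWindowsSupportPresent
                Action = 'Check for updates and install all Windows updates'
            }
        )
        foreach ($c in $checks) {
            if ($c.Passed) { $c.Action = 'None' }   # nothing to do for a passing check
        }
        $checks
    }
    finally {
        # Runs on success and on error: put the CurrentUser policy back as it was.
        Set-ExecutionPolicy -ExecutionPolicy $saved -Scope CurrentUser -Force
    }
}

$result = Test-SpeculationControl
$result | Format-Table -AutoSize -Wrap

if ($result.Passed -contains $false) {
    Write-Warning 'At least one branch target injection check is False; see the Action column.'
}
```
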

Getting the UEFI/BIOS Fix

Did the following item show false?

Hardware support for branch target injection mitigation is present: False

If you ran Get-SpeculationControlSettings and it was false then you need to update your UEFI and BIOS firmware.

The problem here is that each manufacturer has a different way of releasing the firmware fix (and many of them still don't have fixes available).

Here's a list of manufacturers with links to their respective Meltdown firmware fixes:

How to Verify the Meltdown and Spectre Patch in Windows 10

If "Windows OS support for branch target injection mitigation is present:" was False, then the first thing we need to do is check for updates.

In Windows 10, hit the Windows Key, type "check for updates" and install all updates.

The same thing applies for Windows 7.

The only caveat here is that Microsoft has blocked the Meltdown update delivery to some AMD devices because the patch was bricking the box.

In addition, if your PC never gets the update it might be because your Antivirus software doesn't support it.

Kevin Beaumont is maintaining a Google Spreadsheet which shows a list of over 40 AV vendors and their support for Meltdown and Spectre.  This Meltdown and Spectre Google Doc is being updated frequently so make sure you check it out.

There you have it.  I hope this helps. 

Have you had any issues installing the Meltdown firmware updates or patches?  Let me know in the comments!

Also, we have posted a video walk-through on the SecurityPlusPro YouTube channel taking you through the topics we discussed in this video.  You can watch it below:

Cheers
