Hi, We received a vulnerability alert for enabling Hyper-Threading while we were taking Windows Speculative Execution Configuration Check, what should we do for this? OS: Microsoft Windows Server 2019 Datacenter The Vulnerability definition: Current Settings: SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ FeatureSettingsOverrideMask: Not Set SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ FeatureSettingsOverride: Not Set Note: Hyper-Threading disabled. Looks like to recommend us to enable the registry key for Hyper-Threading? Not sure whether it will impact the VMs running. Any actions or patches can help this? Cheers, Bo Xiao

Read on here and also check with the hardware vendor about firmware updates. https://support.microsoft.com/en-us/topic/kb4072698-windows-server-and-azure-stack-hci-guidance-to-protect-against-silicon-based-microarchitectural-and-speculative-execution-side-channel-vulnerabilities-2f965763-00e2-8f98-b632-0d96f30c8c8e --please don't forget to upvote and Accept as answer if the reply is helpful--

Vulnerability for enabling Hyper-Threading

Accepted answer

Anonymous

2022-11-06T23:22:47.727+00:00

Read on here and also check with the hardware vendor about firmware updates.
https://support.microsoft.com/en-us/topic/kb4072698-windows-server-and-azure-stack-hci-guidance-to-protect-against-silicon-based-microarchitectural-and-speculative-execution-side-channel-vulnerabilities-2f965763-00e2-8f98-b632-0d96f30c8c8e

--please don't forget to upvote and Accept as answer if the reply is helpful--
Please sign in to rate this answer.
Anonymous

2022-11-10T14:41:47.553+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--

Bo Xiao 66 Reputation points

2022-11-11T01:15:58.49+00:00

Hi DSPatrick,

Thanks for the reply. BTW, there are two recommendations for the settings (currently, not set yet), which one I should choose?
The VMs are based in Azure and the OS is: Microsoft Windows Server 2019 Datacenter
Thanks

Recommended Settings 1:

SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)

SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00000048 (72)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading enabled.

-----------------------------------

Recommended Settings 2:

SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)

SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00002048 (8264)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading disabled.

Best regards,

Bo Xiao

Anonymous

2022-11-11T01:36:23.417+00:00

Reading here In Azure they've already mitigated.
Microsoft has deployed mitigations across all our cloud services. The infrastructure that runs Azure and isolates customer workloads from each other is protected. This means that a potential attacker using the same infrastructure can’t attack your application using these vulnerabilities.
https://learn.microsoft.com/en-us/azure/virtual-machines/mitigate-se

Narasimha K Chary 0 Reputation points

2024-08-30T05:17:48.3666667+00:00

Either we enable or disable the Hyperthreading in Windows Server 2019 Datacenter version, the vulnerability "Windows Speculative Execution Configuration Check" is not getting Mitigated. Please any one can give an alternate solution?
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Vulnerability for enabling Hyper-Threading

0 additional answers

Your answer