![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi,
The post here may help explain how to interpret what "hardware is vulnerable to L1 terminal fault" means: https://support.microsoft.com/en-us/help/4074629/understanding-the-output-of-get-speculationcontrolsettings-powershell
In short, this line will always report as True if the hardware is believed to be vulnerable to L1 terminal fault, even if the mitigation is enabled. The important part is the line that refers to "L1 terminal fault mitigation is enabled", which in your screenshot reports as True. This indicates that the mitigation is enabled and that this device is protected from CVE-2018-3620.
Hope that helps,
Matt Miller
Microsoft Security Response Center
I've read that, thanks.
If what you saying is true, this is a departure from how previous vulnerabilities were described, and just adds confusion. The previous way of doing it made far more sense, you could see if the necessary hardware (microcode) was there and if the mitigation is enabled&working.
With this formulation, it suggests that the hardware is vulnerable, and that's it. Yes you applied the mitigations, but... hardware is still found to be vulnerable.
The whole reason we apply these mitigations is to patch the vulnerable hardware and achieve a non-vulnerable state. You don't want to see that you're still vulnerable with all mitigations in place.