Windows Speculative Execution Configuration

Glenn Maxwell 10,741 Reputation points
2022-04-23T14:27:06.23+00:00

Hi All

One of my Windows Server 2022 Datacenter edition-Gen1 server deployed from Azure Marketplace has the below vulnerability.

Windows Speculative Execution Configuration

This server doesn't have Hyper-V Role installed. Our vulnerability scanner tool takes me to these Microsoft articles.

https://support.microsoft.com/en-us/topic/windows-server-guidance-to-protect-against-speculative-execution-side-channel-vulnerabilities-2f965763-00e2-8f98-b632-0d96f30c8c8e
https://support.microsoft.com/en-us/topic/windows-client-guidance-for-it-pros-to-protect-against-speculative-execution-side-channel-vulnerabilities-35820a8a-ae13-1299-88cc-357f104f5b11

will adding the below registry keys fix the issue, experts guide me

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

The CPU family is Processor Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz, 2793 Mhz, 2 Core(s), 4 Logical Processor(s)

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,601 questions
Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,560 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,430 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,599 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,778 questions
0 comments No comments
{count} votes

Accepted answer
  1. Limitless Technology 39,501 Reputation points
    2022-04-26T15:18:34.127+00:00

    Hello

    Thank you for your question and reaching out.

    As you have server on Azure :

    For Azure guidance, please refer to this article: Guidance for mitigating speculative execution side-channel vulnerabilities in Azure .
    https://learn.microsoft.com/en-us/azure/virtual-machines/mitigate-se

    ---------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Glenn Maxwell 10,741 Reputation points
    2022-04-26T10:52:26.65+00:00

    i am still seeing the vulnerability after adding the below registries experts guide me

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    0 comments No comments