Windows Speculative Execution Configuration

Glenn Maxwell 12,876 Reputation points
2022-04-23T14:27:06.23+00:00

Hi All

One of my Windows Server 2022 Datacenter edition-Gen1 server deployed from Azure Marketplace has the below vulnerability.

Windows Speculative Execution Configuration

This server doesn't have Hyper-V Role installed. Our vulnerability scanner tool takes me to these Microsoft articles.

https://support.microsoft.com/en-us/topic/windows-server-guidance-to-protect-against-speculative-execution-side-channel-vulnerabilities-2f965763-00e2-8f98-b632-0d96f30c8c8e
https://support.microsoft.com/en-us/topic/windows-client-guidance-for-it-pros-to-protect-against-speculative-execution-side-channel-vulnerabilities-35820a8a-ae13-1299-88cc-357f104f5b11

will adding the below registry keys fix the issue, experts guide me

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

The CPU family is Processor Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz, 2793 Mhz, 2 Core(s), 4 Logical Processor(s)

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
9,036 questions
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Server | Devices and deployment | Configure application groups
0 comments No comments
{count} votes

Accepted answer
  1. Limitless Technology 39,926 Reputation points
    2022-04-26T15:18:34.127+00:00

    Hello

    Thank you for your question and reaching out.

    As you have server on Azure :

    For Azure guidance, please refer to this article: Guidance for mitigating speculative execution side-channel vulnerabilities in Azure .
    https://learn.microsoft.com/en-us/azure/virtual-machines/mitigate-se

    ---------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Glenn Maxwell 12,876 Reputation points
    2022-04-26T10:52:26.65+00:00

    i am still seeing the vulnerability after adding the below registries experts guide me

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.