Windows Speculative Execution Configuration

Question

Hi All

One of my Windows Server 2022 Datacenter edition-Gen1 server deployed from Azure Marketplace has the below vulnerability.

Windows Speculative Execution Configuration

This server doesn't have Hyper-V Role installed. Our vulnerability scanner tool takes me to these Microsoft articles.

https://support.microsoft.com/en-us/topic/windows-server-guidance-to-protect-against-speculative-execution-side-channel-vulnerabilities-2f965763-00e2-8f98-b632-0d96f30c8c8e
https://support.microsoft.com/en-us/topic/windows-client-guidance-for-it-pros-to-protect-against-speculative-execution-side-channel-vulnerabilities-35820a8a-ae13-1299-88cc-357f104f5b11

will adding the below registry keys fix the issue, experts guide me

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

The CPU family is Processor Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz, 2793 Mhz, 2 Core(s), 4 Logical Processor(s)

Answer 1

Hello

Thank you for your question and reaching out.

As you have server on Azure :

For Azure guidance, please refer to this article: Guidance for mitigating speculative execution side-channel vulnerabilities in Azure .
https://learn.microsoft.com/en-us/azure/virtual-machines/mitigate-se

---------------------------------------------------------------------------------------------------

--If the reply is helpful, please Upvote and Accept as answer--

Answer 2

i am still seeing the vulnerability after adding the below registries experts guide me

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f