[Cross-Post] Intel/AMD/ARM CPU firmware vulnerability–“Speculative execution side-channel vulnerabilities” (Kernel Page Table Isolation (KPTI)).

CVE-2017-5753: bounds check bypass
CVE-2017-5715: branch target injection
CVE-2017-5754: rogue data cache load

“Speculative execution side-channel vulnerabilities” that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass

        Note:  Also known as “Kernel Page Table Isolation” (KPTI) vulnerability.

        Note 2:  Also known as “Meltdown attack”

        Note 3:  Also known as “Spectre attack”

Register’s Intel story from Jan. 3rd, 2018.

What’s impacted?  The vulnerabilities affect hardware from multiple vendors across the industry:

  • Intel
  • AMD
  • ARM

        Meltdown https://meltdownattack.com/

        Meltdown impacts only Intel*

                Note:  * As of now.

        Spectre https://spectreattack.com/

        Spectre impacts Intel, AMD, and ARM.

Thus the software running on top is impacted as well (Windows, Linux, Android, Chrome, iOS, macOS).

Intel Corp. has released the following announcement:

Intel Responds to Security Research Findings


US Cert has released the following announcement:

US Cert. Notification

AMD Corp. has released the following announcement:

An Update on AMD Processor Security

[PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors

For a list of the announcements by hardware vendors, check out Chris Mill's (Security PM) blog site:


Microsoft Security Advisory:

ADV180002 | Vulnerability in CPU Microcode Could Allow Information Disclosure


Microsoft Azure’s announcement:

Securing Azure customers from CPU vulnerability


4073235 Microsoft Cloud Protections Against Speculative Execution


Microsoft Windows and Windows Server related information:

4072699 Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software

For a list of the announcements by AV vendors, check out Chris Mill's (Security PM) site:


4073229 Protecting your device against chip-related security vulnerabilities

4073707 Windows operating system security update block for some AMD based devices


4073119 Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities

4072698 Windows Server Guidance to protect against the speculative execution side-channel vulnerabilities

4073225 SQL Server Guidance to protect against speculative execution side-channel vulnerabilities

Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems


Summary:  5 steps:

  1. Apply the CPU microcode (firmware) update from the OEM hardware manufacturer.
  2. Check with your AV vendor for antivirus compatibility before installing the "Windows Updates".

         Note:  Windows Defender Antivirus and SCEP are compatible.

  3. Install the "Windows Updates" from January 3rd, 2018.
  4. On Windows Server operating systems, enable the software mitigations:

  • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
  • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

  5. On Hyper-V hosts, you will need to shut down (live migrate off) the guest VMs and add the following registry key on the Hyper-V host:

  • reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
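
To confirm that steps 4 and 5 actually took effect on a server, the registry values can be read back and compared with the values given above. The following PowerShell is an added example, not part of the original post or of any Microsoft tool; the function names Test-RegValue and Test-MitigationRegistry are hypothetical, and the presence of the vmms service is used here as an assumed way to recognize a Hyper-V host.

```powershell
# Added example: audits only the registry state from steps 4 and 5.
# It does not verify the microcode update (step 1) or the Windows updates (step 3).
$MmKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$VirtKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization'

function Test-RegValue {
    param([string]$Path, [string]$Name, $Expected)
    $actual = $null
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $actual = $item.$Name }
    [pscustomobject]@{
        Name     = $Name
        Expected = $Expected
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        # Compare against $null explicitly: the expected DWORD 0 is "falsy",
        # so a plain truth test would confuse "set to 0" with "missing".
        Ok       = ($null -ne $actual) -and ($actual -eq $Expected)
    }
}

function Test-MitigationRegistry {
    # Step 4: values from the two "reg add" commands for Windows Server.
    $results = @(
        Test-RegValue $MmKey 'FeatureSettingsOverride'     0
        Test-RegValue $MmKey 'FeatureSettingsOverrideMask' 3
    )
    # Step 5 applies to Hyper-V hosts only. Assumption: a machine running the
    # Hyper-V Virtual Machine Management service (vmms) is a Hyper-V host.
    if (Get-Service -Name vmms -ErrorAction SilentlyContinue) {
        $results += Test-RegValue $VirtKey 'MinVmVersionForCpuBasedMitigations' '1.0'
    }
    $results
}

$report = Test-MitigationRegistry
$report | Format-Table -AutoSize
if ($report.Ok -contains $false) {
    Write-Warning 'One or more mitigation registry values are missing or differ from steps 4 and 5.'
}
```

Run it from an elevated PowerShell prompt on the server being checked; a row with Ok = False names the value that still has to be set.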


Q:  Does the Host need to be patched first?  Or is it ok to patch the VM first?

A:  For the Windows patches, the order doesn't matter.

Q:  What does the registry value MinVmVersionForCpuBasedMitigations do?

A:  MinVmVersionForCpuBasedMitigations is the "minimum VM version that needs access to the updated firmware capabilities".

      Protecting guest virtual machines from CVE-2017-5715 (branch target injection)

Surface hardware related information:

4073065 Surface Guidance for Customers and Partners: Protect your devices against the recent chip-related security vulnerability

The Windows and Windows Server related hotfixes are available here:


Windows 10 1709 and Windows Server 1709 (a.k.a. Fall Creators Update, codename RS3):

4056892 January 3, 2018—KB4056892 (OS Build 16299.192)

2018-01 Update for Windows 10 Version 1709 (KB4058702)


Windows 10 1703 and Windows Server 1703 (a.k.a. Creators update, codename RS2):

4056891 January 3, 2018—KB4056891 (OS Build 15063.850)


Windows 10 version 1607 and Windows Server 2016 (a.k.a. Anniversary edition, codename RS1):

4056890 January 3, 2018—KB4056890 (OS Build 14393.2007)


Windows 10 version 1511 (a.k.a. November update, codename TH2):

4056888 January 3, 2018—KB4056888 (OS Build 10586.1356)

2018-01 Cumulative Update for Windows 10 Version 1511 (KB4056888)


Windows 10 version 1507 (a.k.a. RTM, codename TH1):

4056893 January 3, 2018—KB4056893 (OS Build 10240.17738)

2018-01 Cumulative Update for Windows 10 Version 1507 (KB4056893)


Windows 8.1 and Windows Server 2012 R2:

January 3, 2018—KB4056898 (Security-only update)

2018-01 Security Only Quality Update for Windows Server 2012 R2  (KB4056898)


Windows 7 SP1 and Windows Server 2008 R2:

4056897 January 3, 2018—KB4056897 (Security-only update)

2018-01 Security Only Quality Update for Windows Server 2008 R2 (KB4056897)


My PFE peers:

  • Ralph Kyttle wrote the following PoSh (PowerShell) DSM:

Verifying Spectre / Meltdown protections remotely

  • Ken Wygant wrote and shared the following SCCM DCM baseline and it’s available for download here:


has been replaced with:

Speculation Execution Side-Channel Vulnerabilities Configuration Baseline



P.S.  The other ISVs impacted by the issue:

Google’s announcement:

Today's CPU vulnerability: what you need to know

AWS’s announcement:
Processor Speculative Execution Research Disclosure

Red Hat’s announcement:
Kernel Side-Channel Attacks - CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

     Speculative Execution Exploit Performance Impacts - Describing the performance impacts to security patches for CVE-2017-5754 CVE-2017-5753 and CVE-2017-5715

Ubuntu’s announcement:


SUSE’s announcement:




VMware’s announcement: