Microsoft releases PowerShell script to check if your PC is vulnerable to Meltdown and Spectre

In the wake of the Meltdown and Spectre chip bug revelations, people around the world are wondering whether or not they are affected. Bearing in mind the number of chips with the flaw, the chances that your computer has a vulnerability are very high.

Microsoft rushed to get an emergency fix out to Windows 10 users, promising that Windows 7 and 8 users will be patched in the near future. The company has also released a PowerShell script that lets users check whether they have protection in place.

See also:

In a support article, Microsoft offers the reassurance that it is unaware of any instance of the chip vulnerabilities being used to attack customers. The firm points out that it has already released a patch, and says that it is working with other companies to offer further protection to people. In the meantime, Microsoft offers a three-point protection plan:

  1. Verify that you are running a supported antivirus application before you install OS or firmware updates. Contact the antivirus software vendor for compatibility information.
  2. Apply all available Windows operating system updates, including the January 2018 Windows security updates.
  3. Apply the applicable firmware update that is provided by the device manufacturer.

On top of this, the company has also produced a PowerShell script that checks whether your PC is vulnerable. Use the following steps to install and run the test.

  1. Press the Windows key and type PowerShell.
  2. Right click the PowerShell shortcut and select Run as Administrator.
  3. Type Install-Module SpeculationControl and press Enter.
  4. If you are prompted to install the NuGet provider, type Y and press Enter, and repeat if you are warned about installing from an untrusted repository.
  5. With the installation complete, type Import-Module SpeculationControl and press Enter.
  6. Type Get-SpeculationControlSettings and press Enter.

In the list of results that's displayed, you're looking to see that a series of protections are enabled -- this will be listed as True. Microsoft explains that the ideal set of results looks like this:

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True

Windows OS support for kernel VA shadow is present: True

Windows OS support for kernel VA shadow is enabled: True

Windows OS support for PCID optimization is enabled: True

81 Responses to Microsoft releases PowerShell script to check if your PC is vulnerable to Meltdown and Spectre

  1. FF222 says:

    "SpeculationControl.psm1 cannot be loaded because running scripts is disabled on this system." Thanks, Microsoft.

    • Hoppalez says:

      Same for me.. Wonder if that is Good ..or Bad?.

    • Slavic says:

      From bleepingcomputer*com:

      If you run the command and get execution errors, you might need to adjust your Powershell execution policy. Run the following command:
      Set-ExecutionPolicy Bypass

      • Thomas Lake says:

        Do I have to set it back to its default after I'm done running the script? If so what option do I use? After I ran the routines, I tried the Default option but The Default option didn't prevent access to SpeculationControl.

      • Slavic says:

        Set-ExecutionPolicy Restricted

      • sn0wflake says:

        PS> Install-Module SpeculationControl

        Run the PowerShell module to validate the protections are enabled

        PS> # Save the current execution policy so it can be reset

        PS> $SaveExecutionPolicy = Get-ExecutionPolicy

        PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser

        PS> Import-Module SpeculationControl

        PS> Get-SpeculationControlSettings

        PS> # Reset the execution policy to the original state

        PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

      • Ordeith says:

        PowerShell doesn't run on crappy Chromebooks. LOL. 🤣

      • Thomas Lake says:

        I know. That's why I'm eliminating Windows on most of my PCs. Less configuration means less chance of error.

      • Ordeith says:

        Less capability and less choice also. 🤷

      • Joe Souza says:

        Be aware that Meltdown and Spectre are due to hardware bugs/design flaws on Intel CPUs. If you're running ChromeOS/Linux, etc. on this same CPU, the bug is still there. It's not a Microsoft bug.

      • Ajibulu Goodluck Olusegun Femi says:

        hahaa. I am typing from a Chromebook too... poor

      • 58sniper says:

        Don't set it to bypass. Ever.
        Set it to RemoteSigned

      • bfoster68 says:

        bingo...right answer

      • BurgersBytes says:

        Try powershell.exe -ExecutionPolicy AllSigned and run script again. It will revert to disabled when PowerShell is closed

  2. Michael Runge says:

    C:WINDOWSsystem32>install-Module SpeculationControl
    'install-Module' is not recognized as an internal or external command,
    operable program or batch file.

    C:WINDOWSsystem32>

    • Stephen Suley says:

      'that's the command prompt, you want to enter the commands into PowerShell. Start-->Run-->"powershell" [Enter].

    • Future Bardock says:

      Use the GUI detection tool from Intel instead.
      youtube /watch?v=2fKXQIEO67s
      Download it from Intel link in the video description.

      • PenguinJoe says:

        Showed me as not vulnerable (I'm on a threadripper system).

      • 1DaveN says:

        If that GUI tool is the one released in November of last year, it's nothing to do with this - it addresses an entirely separate vulnerability.

      • Future Bardock says:

        It is released December 2017.

      • 1DaveN says:

        There's no GUI tool for this vulnerability, although lots of articles have pointed to the one you're referring to. That addresses an entirely different vulnerability that was fixed last fall.

      • Future Bardock says:

        Open folder DiscoveryTool.GUI

      • mozista says:

        That video starts by discussing the IME vulnerability, for which Intel provided a GUI tool, but then segeues into talking about the Meltdown/Spectre issues as if they were all the same thing (they are not!) Confusion on Brian's part apparently.

      • Future Bardock says:

        Don't you think Intel would use IME updates to fix Meltdown/Spectre issues?

      • mozista says:

        No, I don't think that is possible. This is not fixable in microcode, at least according to what I know about the architecture. There is a path to a fix via an operating system patch, but for processors and/or BIOS in a certain age range this may lead to slower operation ("up to" the 30% figure you may have heard.) Also, certain AV software would apparently be blocked by the changes made by the patch.

      • Future Bardock says:

        Meltdown/Spectre vulnerability fix is applied in multiple ways, not only on bios level. Its being fixed on bios level, OS level, driver level and on user programs level, but the only way to fix 100% is replacing the CPU with non-vulnerable CPU.

      • Zootopiaʒooo says:

        That tool on two PCs said Detection error, I MAY be vulnerable, blah blah blah. Useless to me.

      • Future Bardock says:

        Run it as admin. If it still says vulnerable, you need to update Bios.

      • Stephen MacDougall says:

        Q: My system is reported as may be Vulnerable by the Intel-SA-00086 Detection Tool. What do I do?
        A: A status of may be Vulnerable is usually seen when either of the following drivers aren't installed:

        * Intel® Management Engine Interface (Intel® MEI) driver

        or

        * Intel® Trusted Execution Engine Interface (Intel® TXEI) driver

      • sn0wflake says:

        That's the Intel Management Engine flaw, an entirely different vulnerability *rolls eyes at Intel* I patched that last month and verified it using the tool you are referring to.

    • bfoster68 says:

      you need to update the version of powershell

    • Paul Sturm says:

      Looks like you're in a old command prompt and not powershell. Type "powershell.exe" in there and it should switch.

    • VinnyH says:

      Make sure you opened the powershell command line, not the normal command prompt

  3. SpitefulGOD says:

    That's the problem with putting a hardware backdoor into every chip, when your toolkit is stolen and sold to the highest bidder you then have to update the key on every processor. This has nothing to do with a software vulnerability it merely updates the keys on the ME chip.

    • 1DaveN says:

      This is a vulnerability in speculative execution. It's nothing to do with the ME.

    • As much as I like a good conspiracy theory, this isn't one, Intel made a huge mistake in the design of its processors plain and simple. They've lost $11 Billion in market capitalization in the past couple of days. The CEO of Intel sold all of his stock as soon as he found out about the problem.

      • Future Bardock says:

        In case you didn't know, conspiracy theory/theorist is the word invented by CIA to discredit alternative theorists (who think outside the box) and prevent you from looking into things they don't want you to know or think about. Conspiracy theory is a trigger word so you would go "oh that's just a conspiracy theory nonsense" even if that happens to be true but not acknowledged by corrupt mainstream.

      • roborat says:

        " conspiracy theory/theorist is the word invented by CIA to discredit alternative theorists "

        Can you please stop watching spy movies and come back to reality.

        The CIA has a specific job to do with an oversight committee made up of elected officials. Learn what your governmental department does and stop believing in made up Hollywood boogeymen.

      • Future Bardock says:

        I am way ahead when it comes to reality than any of you mainstream, authorities, school textbooks believing kids out there.

      • Ordeith says:

        >I am way ahead when it comes to reality than any of you

        Your comment history suggests otherwise.

      • Future Bardock says:

        You mean your comment history suggests otherwise.

      • I do understand the term in its literal and pejorative sense, thanks. @spitefulgod:disqus posted a nearly textbook version of the latter.

      • abh555 says:

        That's strange, I didn't know the CIA was in the business of inventing English words.

      • Kenneth Ambrose says:

        and don't forget to ALWAYS wear your aluminum foil hat. And aluminum foil underwear is crucial nowadays to block those pesky alien port probes!

      • Future Bardock says:

        lol

    • bfoster68 says:

      lol you didn't read about the the issue did you

  4. sgrandin says:

    So I got false for two of them:
    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is enabled: False

    What now? The registry has the correct entry, ASRock (mobo) hasn't released a Z97 Extreme6 firmware update and Intel's Risk Assessment tool says "not vulnerable."

    • 1DaveN says:

      That Intel GUI tool is for a different vulnerability. I'm not finding any updates from Intel or my motherboard manufacturer (Asus) either. I suggest just keeping trying - no one expected this to become public until next week, so it's possible they're just not up yet.

      • sn0wflake says:

        I'm in the same boat as you waiting for an Asus firmware update and a Windows update that should drop this Tuesday. The patch released so far by Microsoft isn't compatible with the Slow ring builds. From what I understand a full patch requires both an Asus (hardware) and Microsoft (software) update to be effective.

  5. Mike S says:

    There is no Ink to supported AV programs.

  6. ardengoy says:

    is there a way to check on PCs without powershell? a batch script or a vbscript?

  7. Tensos Unders says:

    And for the final command type "Bill Gates should not be naming hospital wings after himself -egomaniac"

  8. Who knew CPU vulnerabilities needed PR campaigns. Just waiting for the new and improved Intel processors. We're all going to rush out and buy them. They'll be new and improved and resistant to Meltdown and Spectre. Maybe even a new version of Windows 10. The Fall Meltdown Update I'm thinking.

  9. njsokalski says:

    If that is what the ideal set of results looks like, how do we fix/change it if it is different?

    • Harry says:

      I strongly urge that unless you know your way around a computer that you do nothing. Sit tight, have updates turned on and wait for fixes to come through.

  10. Zootopiaʒooo says:

    Being I disabled Windows Defender on Windows 10, I had to manually put in that QualityCompat registry entry to get the recent MS cumulative patch. I use Malwarebytes free for manual scans, with DEP for all programs enabled and SmartScreen filter still enabled, among other security features used, like AnalogX ScriptDefender and Spybot Hosts file entries, etc. I hate realtime AV, always have, too much a dog. I feel this recent security development is all kinda blown out of proportion.

  11. danielo says:

    Is there a way to diagnose CVE-2017-5753 ?

  12. nimbus says:

    Does this all apply to AMD as well?

    • Adrian Groza says:

      No. The AMD cpus are also vulnerable to one of the attacks but that one is much more sophisticated and requires physical access to the machine (but if your pc gets stolen timing attacks are your least concern). The Intel one is much worse,there is already proof of concept available and it allows remotely executed code (well,sort of, it uses javascript which is content downloaded and run by the browser).

      • sn0wflake says:

        This story broke yesterday; Security Flaw in AMD's Secure Chip-On-Chip Processor Disclosed Online.

      • Adrian Groza says:

        This is not relevant because the patch was already delivered for that last year.

      • sn0wflake says:

        "Cohen's disclosure of the AMD Secure Processor flaw came on the same day fellow Google researchers disclosed details about the Meltdown and Spectre flaws affecting most of the world's CPUs. AMD has confirmed to be affected only by the Spectre flaw."
        It's new.

      • Adrian Groza says:

        You dont understand,the secure processor bug was discovered much earlier,Google has a 90 day policy for discovering and publishing timeframe in order to allow those affected to fix the problem.Both spectre and meltdown were known since last year,the public only had access to the info later and it caught intel off guard.

  13. Brian Gregory says:

    PS C:Windowssystem32> Install-Module SpeculationControl
    The term 'Install-Module' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
    the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:16
    + Install-Module <<<< SpeculationControl
    + CategoryInfo : ObjectNotFound: (Install-Module:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    WTF?

  14. K. K. VinayKumar says:

    I got false for everything. What to do now?

  15. canbax says:

    thanks useful post

  16. Dave says:

    Wouldn't it be ironic if the (PS) module contains a virus :-)

  17. Andrew Rowland says:

    The term 'Install-Module' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
    the spelling of the name, or if a path was included, verify that the path is correct and try again.

    Clever stuff this.

  18. roborat says:

    And where in your list did it say the CIA invented the word "conspiracy theory"?

    • Dad_All_Day says:

      What does that have to do with your ridiculous assertion that we need to learn what our "government does" and that we should "stop believing in made up Hollywood boogeymen" when there's plenty of evidence that learning what government does only uncovers incompetence, not to mention the occasional actual conspiracy. Or haven't you been paying attention?

      • roborat says:

        You seemed to be the one not paying attention. Read the thread again. Someone was talking about the CIA making up words.

        On the subject of the CIA and it's abuses and incompetence. Your point is completely irrelevant. This is like saying it is the postman's role to come to work and shoot people or the Priest's role to molest children. Like I said go and read what the CIA does and go and understand what the multi-congressional oversight is in place to ensure they operate within their boundary.

  19. michael perugini says:

    I get THE TERM "Install-Module" not recognized.. so i cannot even run it.

    PS C:Windowssystem32> Install-Module SpeculationControl
    The term 'Install-Module' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
    the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:15
    + Install-Module <<<< SpeculationControl
    + CategoryInfo : ObjectNotFound: (Install-Module:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

  20. Greg Zeng says:

    Also launched yesterday: "CPU Vulnerability Assessment and Fix Tool 2.0.exe". 8.90 MB (9,337,792 bytes)

    Windows-only. Gives immediate result. Ok, "safe", when I run Windows Insider Preview 167025, with latest Microsoft updates.

  21. kc says:

    May i know why are we keep patch Server and OS? Why cant somebody advice what services and port need to block at firewall?

© 1998-2020 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.