Comments on: Microsoft Guidance to protect against speculative execution side-channel vulnerabilities on Windows, Windows Server and Azure (Meltdown and Spectre)
https://www.thomasmaurer.ch/2018/01/microsoft-guidance-to-protect-against-speculative-execution-side-channel-vulnerabilities-on-windows-windows-server-and-azure-meltdown-spectre/
Cloud and Datacenter Blog focusing on Microsoft Azure
Sat, 24 Feb 2018 12:38:16 +0000

By: Thomas Maurer, Fri, 12 Jan 2018 16:50:53 +0000, in reply to Simon
https://www.thomasmaurer.ch/2018/01/microsoft-guidance-to-protect-against-speculative-execution-side-channel-vulnerabilities-on-windows-windows-server-and-azure-meltdown-spectre/#comment-696587

Seems to be the correct output. The host needs to be all green.

By: Simon, Fri, 12 Jan 2018 14:03:45 +0000
https://www.thomasmaurer.ch/2018/01/microsoft-guidance-to-protect-against-speculative-execution-side-channel-vulnerabilities-on-windows-windows-server-and-azure-meltdown-spectre/#comment-696580

The output on the hosts is all green, but not on the VM. I did run the registry script on the VM too.

By: Thomas Maurer, Fri, 12 Jan 2018 14:02:16 +0000, in reply to Simon
https://www.thomasmaurer.ch/2018/01/microsoft-guidance-to-protect-against-speculative-execution-side-channel-vulnerabilities-on-windows-windows-server-and-azure-meltdown-spectre/#comment-696579

On the host or on the VM? Where did you run the script?

By: Simon, Fri, 12 Jan 2018 13:45:45 +0000
https://www.thomasmaurer.ch/2018/01/microsoft-guidance-to-protect-against-speculative-execution-side-channel-vulnerabilities-on-windows-windows-server-and-azure-meltdown-spectre/#comment-696578

Thanks, I was able to patch the Hyper-V Servers, apply the BIOS Update for DL380 G9 and apply the registry fix.
I still have the following output: https://www.bleepstatic.com/images/news/u/986406/Microsoft/Windows10/Meltdown+Spectre-Powershell-post-update.png

What is missing?

By: Thomas Maurer, Fri, 12 Jan 2018 11:32:00 +0000, in reply to Bruno
https://www.thomasmaurer.ch/2018/01/microsoft-guidance-to-protect-against-speculative-execution-side-channel-vulnerabilities-on-windows-windows-server-and-azure-meltdown-spectre/#comment-696575

Looks like this is the normal behavior inside a VM.

By: Thomas Maurer, Fri, 12 Jan 2018 11:31:37 +0000, in reply to Simon
https://www.thomasmaurer.ch/2018/01/microsoft-guidance-to-protect-against-speculative-execution-side-channel-vulnerabilities-on-windows-windows-server-and-azure-meltdown-spectre/#comment-696574

Windows Server 2012 R2 KB4056898 should address the issue for Hyper-V Server 2012 R2. Make sure you also update the BIOS/Firmware.

Thomas

By: Simon, Fri, 12 Jan 2018 10:57:51 +0000
https://www.thomasmaurer.ch/2018/01/microsoft-guidance-to-protect-against-speculative-execution-side-channel-vulnerabilities-on-windows-windows-server-and-azure-meltdown-spectre/#comment-696573

Hi Thomas, thanks for this article. Which version do I have to install if it’s a Hyper-V Server 2012 R2?
Thanks, Simon

By: Bruno, Wed, 10 Jan 2018 08:57:50 +0000
https://www.thomasmaurer.ch/2018/01/microsoft-guidance-to-protect-against-speculative-execution-side-channel-vulnerabilities-on-windows-windows-server-and-azure-meltdown-spectre/#comment-696495

Thanks Thomas for this article.

On a Win2016 Server in Azure patched with 4056890, the PowerShell result shows only one line green:

Hardware support for branch target injection mitigation is present: False (red)
Windows OS support for branch target injection mitigation is present: True (green)
Windows OS support for branch target injection mitigation is enabled: False (red)
Windows OS support for branch target injection mitigation is disabled by system policy: True (red)
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True (red)

Do I have to add the Reg-Key mentioned in the KB article? (I know, some of them are BIOS-related until they will be green.)

Thx
Bruno

By: Thomas Maurer, Mon, 08 Jan 2018 15:36:16 +0000, in reply to Anas
https://www.thomasmaurer.ch/2018/01/microsoft-guidance-to-protect-against-speculative-execution-side-channel-vulnerabilities-on-windows-windows-server-and-azure-meltdown-spectre/#comment-696398

If it is Windows Server 2016 it is https://support.microsoft.com/en-gb/help/4056890

By: Anas, Mon, 08 Jan 2018 14:41:24 +0000
https://www.thomasmaurer.ch/2018/01/microsoft-guidance-to-protect-against-speculative-execution-side-channel-vulnerabilities-on-windows-windows-server-and-azure-meltdown-spectre/#comment-696397

If my servers run Windows Server 2016 with GUI, then should I install KB4056890 or KB4056892?
