I installed the compliant BIOS version for my Latitude E5470, but haven't yet installed the KB. Oddly (at least to me), I get all negatives:
*Speculation control settings for CVE-2017-5715 [branch target injection]* *Hardware support for branch target injection mitigation is present: False* *Windows OS support for branch target injection mitigation is present: False* *Windows OS support for branch target injection mitigation is enabled: False* *Speculation control settings for CVE-2017-5754 [rogue data cache load]* *Hardware requires kernel VA shadowing: True* *Windows OS support for kernel VA shadow is present: False* *Windows OS support for kernel VA shadow is enabled: False* I would expect the hardware support to be True, but it may all depend on the patch being installed I suppose. Coincidentally (I assume) my hard drive appears to be failing, which started shortly after the BIOS upgrade and I'm pretty sure that's the reason the patch is failing to install. The Event ID 7 "bad block" errors really pile up every time I try to install the patch. On Mon, Jan 8, 2018 at 10:26 AM, Michael Leone <oozerd...@gmail.com> wrote: > On Mon, Jan 8, 2018 at 9:49 AM, Charles F Sullivan < > charles.sulliva...@bc.edu> wrote: > > The firmware update is there for your model: > > http://www.dell.com/support/home/us/en/19/Drivers/ > DriversDetails?driverId=GYM2C > > Yep. Downloaded and installed. I was on ver A9, latest is A21. After > installation reboot, it re-detected all devices, and rebooted a second > time. And my workstation, at least, seems fully covered ... > > > Speculation control settings for CVE-2017-5715 [branch target injection] > > Hardware support for branch target injection mitigation is present: True > Windows OS support for branch target injection mitigation is present: True > Windows OS support for branch target injection mitigation is enabled: True > > Speculation control settings for CVE-2017-5754 [rogue data cache load] > > Hardware requires kernel VA shadowing: True > Windows OS support for kernel VA shadow is present: True > Windows OS support for kernel VA shadow is enabled: True > Windows OS support for PCID performance optimization is enabled: False > [not required for security] > > > BTIHardwarePresent : True > BTIWindowsSupportPresent : True > BTIWindowsSupportEnabled : True > BTIDisabledBySystemPolicy : False > BTIDisabledByNoHardwareSupport : False > KVAShadowRequired : True > KVAShadowWindowsSupportPresent : True > KVAShadowWindowsSupportEnabled : True > KVAShadowPcidEnabled : False > > > Lucky you. I have a couple of older Optiplex models and they aren't on > the > > list, which I assume means that won't bother fixing those. Here's the > entire > > list: > > http://www.dell.com/support/article/us/en/19/sln308587/ > microprocessor-side-channel-attacks--cve-2017-5715--cve- > 2017-5753--cve-2017-5754---impact-on-dell-products?lang=en > > I don't usually deal with our workstation inventory, but it wouldn't > surprise me if we had the same problem. I may have it on a database server, > too, I still need to check. > > > -- Charlie Sullivan Sr. Windows Systems Administrator Boston College 197 Foster St. Room 367 Brighton, MA 02135 617-552-4318