I've already issued the registry entries, so it looks like this: Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: False Windows OS support for branch target injection mitigation is present: True Windows OS support for branch target injection mitigation is enabled: False Windows OS support for branch target injection mitigation is disabled by system policy: False Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True Speculation control settings for CVE-2017-5754 [rogue data cache load] Hardware requires kernel VA shadowing: True Windows OS support for kernel VA shadow is present: True Windows OS support for kernel VA shadow is enabled: True Windows OS support for PCID optimization is enabled: False Suggested actions * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation. * Follow the guidance for enabling Windows support for speculation control mitigations are described in https://support.microsoft.com/help/4072698 BTIHardwarePresent : False BTIWindowsSupportPresent : True BTIWindowsSupportEnabled : False BTIDisabledBySystemPolicy : False BTIDisabledByNoHardwareSupport : True KVAShadowRequired : True KVAShadowWindowsSupportPresent : True KVAShadowWindowsSupportEnabled : True KVAShadowPcidEnabled : False On Tue, Jan 9, 2018 at 3:58 PM, Mike <craigslist...@gmail.com> wrote: > Interesting. Can you post the output of the Get-SpeculationControlSettings > command? > > On Tue, Jan 9, 2018 at 3:12 PM, Michael Leone <oozerd...@gmail.com> wrote: > >> On Tue, Jan 9, 2018 at 3:00 PM, Mike <craigslist...@gmail.com> wrote: >> >>> You only need the Registry entries on Server versions. >>> You do need hardware support to protect against CVE-2017-5715. >>> >>> Run the Get-SpeculationControlSettings PowerShell command to get the >>> details. >>> https://gallery.technet.microsoft.com/scriptcenter/Speculati >>> on-Control-e36f0050 >>> >> >> >> I have run it. It didn't answer my question. If you don't run the >> registry entries, some values are false. I take "false" to mean "not as >> fully protected as you should be". Which indicates to me that I need the >> registry entries, even if it's not a server. >> >> Hence my question ... >> >> >