Got results similar to yours.

The results didn't change until after running the Dell Command Update (which installed "Installed Management Engine Components Installer") and installing the BIOS update for the Dell Optiplex; the new result is

[cid:ecc93508-926d-4802-a560-def9c99546d7]

________________________________
From: listsad...@lists.myitforum.com <listsad...@lists.myitforum.com> on behalf of Michael Leone <oozerd...@gmail.com>
Sent: Tuesday, January 9, 2018 1:23:21 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Are the Meltdown/Spectre reg keys needed for workstations?

I've already issued the registry entries, so it looks like this:

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID optimization is enabled: False

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
* Follow the guidance for enabling Windows support for speculation control mitigations are described in https://support.microsoft.com/help/4072698

BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : False

On Tue, Jan 9, 2018 at 3:58 PM, Mike <craigslist...@gmail.com> wrote:

Interesting. Can you post the output of the Get-SpeculationControlSettings command?

On Tue, Jan 9, 2018 at 3:12 PM, Michael Leone <oozerd...@gmail.com> wrote:

On Tue, Jan 9, 2018 at 3:00 PM, Mike <craigslist...@gmail.com> wrote:

You only need the Registry entries on Server versions. You do need hardware support to protect against CVE-2017-5715. Run the Get-SpeculationControlSettings PowerShell command to get the details.

https://gallery.technet.microsoft.com/scriptcenter/Speculation-Control-e36f0050

I have run it. It didn't answer my question. If you don't run the registry entries, some values are false. I take "false" to mean "not as fully protected as you should be". Which indicates to me that I need the registry entries, even if it's not a server. Hence my question ...
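
Added example, not part of the thread and not code from the SpeculationControl module: a PowerShell helper that reads the properties shown in the output above and reports, per CVE, whether the mitigation is on and which flag is holding it back. The function name Get-SpeculationStatus is hypothetical, and the sample object is constructed from the values posted in the thread.

```powershell
# Hypothetical helper: summarizes the object returned by Get-SpeculationControlSettings.
function Get-SpeculationStatus {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Settings
    )
    process {
        # CVE-2017-5715 [branch target injection]: needs OS support AND hardware support.
        $bti = if ($Settings.BTIWindowsSupportEnabled) {
            'Enabled'
        } elseif (-not $Settings.BTIWindowsSupportPresent) {
            'Not enabled: Windows OS support is not present'
        } elseif ($Settings.BTIDisabledBySystemPolicy) {
            'Not enabled: disabled by system policy'
        } elseif ($Settings.BTIDisabledByNoHardwareSupport -or -not $Settings.BTIHardwarePresent) {
            'Not enabled: no hardware support, install the OEM BIOS/firmware update'
        } else {
            'Not enabled: no cause reported by the flags'
        }

        # CVE-2017-5754 [rogue data cache load]: kernel VA shadowing, OS-only.
        $kva = if (-not $Settings.KVAShadowRequired) {
            'Not required on this hardware'
        } elseif ($Settings.KVAShadowWindowsSupportEnabled) {
            'Enabled'
        } elseif (-not $Settings.KVAShadowWindowsSupportPresent) {
            'Not enabled: Windows OS support is not present'
        } else {
            'Not enabled: OS support present but switched off'
        }

        [pscustomobject]@{
            BranchTargetInjection = $bti
            RogueDataCacheLoad    = $kva
            PcidOptimization      = [bool]$Settings.KVAShadowPcidEnabled
        }
    }
}

# Constructed sample: the property values posted in the thread.
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false; BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false; BTIDisabledBySystemPolicy      = $false
    BTIDisabledByNoHardwareSupport = $true;  KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true;  KVAShadowWindowsSupportEnabled = $true
    KVAShadowPcidEnabled           = $false
}
$sample | Get-SpeculationStatus | Format-List
```

On a live machine with the SpeculationControl module imported, `Get-SpeculationControlSettings | Get-SpeculationStatus` gives the same summary for that host.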