UNSUBSCRIBE mssms From: [email protected] [mailto:[email protected]] On Behalf Of Kent, Mark Sent: Tuesday, January 9, 2018 11:00 AM To: [email protected] Subject: [mssms] RE: Confused - Spectre / Meltdown
Yeah I see them at the bottom of https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in And they don't really say what they are for. Keep refreshing the page, wait for an edit :) Mark Kent Manager, Client Systems Engineering Technology Support Services Resources for Information, Technology and Education (RITE) http://rite.buffalostate.edu<http://rite.buffalostate.edu/> From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of SCCM FUN Sent: Tuesday, January 9, 2018 10:02 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] Confused - Spectre / Meltdown Can anyone confirm the following? Workstation/Servers - both need the AV key in order to do any patching going forward Workstation At one point in the MS article for workstation patching (4073119) I could of sworn there wasn't anything about having to making registry settings (except for AV) but now it looks like they added 2 registry keys. Were these 2 reg keys always in the KB/needed? reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f Server 3 reg keys need to be added for the server patch to take effect. Are you enabling this on all your servers or just the 3 use cases they list in their article (4072698). reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f Thanks
