An update. The KB will be revised. The memory management registry keys are for enabling protections on server only; they are not required on the client. You don't generally need to modify these registry keys on client OS.
Also, we released a configuration baseline with Microsoft-signed content to help verify: https://gallery.technet.microsoft.com/Speculation-Execution-Side-1483f621 We'll update our blog soon Aaron From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Dam, Bryan Sent: Tuesday, 9 January, 2018 14:45 To: mssms@lists.myitforum.com Subject: RE: [mssms] RE: Confused - Spectre / Meltdown My testing this afternoon would seem to confirm that the Memory Management keys are not needed on Windows 10. At least as far as the detection script is to be trusted. The result of the script was the same whether the keys didn't exist (the initial state) or if they were set to enabled. If you specifically set them to disabled then the script reported the device vulnerable. Bryan ________________________________ From: listsad...@lists.myitforum.com [listsad...@lists.myitforum.com] on behalf of Adam Juelich [acjuel...@gmail.com] Sent: Tuesday, January 09, 2018 12:06 PM To: mssms@lists.myitforum.com Subject: Re: [mssms] RE: Confused - Spectre / Meltdown Workstation: 1. Registry Key set by A/V (or manually set based on A/V guidance) 2. Windows Update 3. BIOS/Firmware Update from vendor Server: 1. Registry Key set by A/V (or manually set based on A/V guidance) 2. Window Update 3. Push Registry Keys (2 needed, the third is for Hypver-V Hosts - I believe) * Test and monitor performance impact 1. BIOS/Firmware Update from vendor That is my understanding thus far........... Good thing we have nothing else to do ;-) On Tue, Jan 9, 2018 at 10:48 AM, Brian Illner <brian.ill...@canal-ins.com<mailto:brian.ill...@canal-ins.com>> wrote: My understanding was that those keys were just for the ServerOS? I have a Dell laptop that I completed all the tasks for and it does not have the memory management keys and yet it shows as all green in SpeculationControl? Come on MS, your information is changing hourly as each team contradicts the other BRIAN ILLNER | Canal Insurance Company 864.250.9227<tel:(864)%20250-9227> 864.679.2537<tel:(864)%20679-2537> Fax [cid:image001.jpg@01D38A2A.18D777F0] Visit canalinsurance.com<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__canalinsurance.com%26d%3DDwMFaQ%26c%3DNjgxpSSi0c1nSHFRGItzyA%26r%3DKWpqtEEfXhZfmzEhpZYWbkTAjRbCjXuhffs_frSMo9A%26m%3D7eAF1on4WbqiIw9gdju7bDCBAuLWPpl3-xnx-V7tdLo%26s%3D4F9X90g5_8HDwoolSyP0lpS66YJK_StnUqgnq7RlN8E%26e%3D&data=02%7C01%7Caaron.czechowski%40microsoft.com%7C7508dd971fe84f01db3208d557b360b3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636511350339469322&sdata=ZXCT2zHi4oofgFaUtvfp3BxAHNqnTQ5p9BGRkTFILfQ%3D&reserved=0> for news and information. [cid:image002.jpg@01D38A2A.18D777F0]<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__www.linkedin.com_company_canal-2Dinsurance-2Dcompany%26d%3DDwMFaQ%26c%3DNjgxpSSi0c1nSHFRGItzyA%26r%3DKWpqtEEfXhZfmzEhpZYWbkTAjRbCjXuhffs_frSMo9A%26m%3D7eAF1on4WbqiIw9gdju7bDCBAuLWPpl3-xnx-V7tdLo%26s%3D7UyWWN0cTWXprzWCUn6Cfj3jQJ7rgOjYTICTI8nUiWs%26e%3D&data=02%7C01%7Caaron.czechowski%40microsoft.com%7C7508dd971fe84f01db3208d557b360b3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636511350339469322&sdata=wGJFixgYaKx0C1TpQDkALJHtSmoWaMLSi3OGzvWLa4M%3D&reserved=0> WARNING: As the information in this transmittal (including attachments, if any) may contain confidential, proprietary, or business trade secret information, it should only be reviewed by those who are the intended recipients. Unless you are an intended recipient, any review, use, disclosure, distribution or copying of this transmittal (or any attachments) is strictly prohibited. If you have received this transmittal in error, please notify me immediately by reply email and destroy all copies of the transmittal. While Canal believes this transmittal to be free of virus or other defect, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by Canal (or its subsidiaries and affiliates) for any loss or damage arising therefrom. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Kent, Mark Sent: Tuesday, January 9, 2018 11:00 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: Confused - Spectre / Meltdown Yeah I see them at the bottom of https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__support.microsoft.com_en-2Dus_help_4073119_protect-2Dagainst-2Dspeculative-2Dexecution-2Dside-2Dchannel-2Dvulnerabilities-2Din%26d%3DDwMFaQ%26c%3DNjgxpSSi0c1nSHFRGItzyA%26r%3DKWpqtEEfXhZfmzEhpZYWbkTAjRbCjXuhffs_frSMo9A%26m%3D7eAF1on4WbqiIw9gdju7bDCBAuLWPpl3-xnx-V7tdLo%26s%3DcLUf0bi6vko7UFOvCMTzShN5j6YjV7C1l9diIlxVppo%26e%3D&data=02%7C01%7Caaron.czechowski%40microsoft.com%7C7508dd971fe84f01db3208d557b360b3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636511350339469322&sdata=g83B9k%2Fdlz7MIJo%2FZhQLzdJee7N0WGTjmrO%2B7L%2FwIzw%3D&reserved=0> And they don't really say what they are for. Keep refreshing the page, wait for an edit :) Mark Kent Manager, Client Systems Engineering Technology Support Services Resources for Information, Technology and Education (RITE) http://rite.buffalostate.edu<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__rite.buffalostate.edu_%26d%3DDwMFaQ%26c%3DNjgxpSSi0c1nSHFRGItzyA%26r%3DKWpqtEEfXhZfmzEhpZYWbkTAjRbCjXuhffs_frSMo9A%26m%3D7eAF1on4WbqiIw9gdju7bDCBAuLWPpl3-xnx-V7tdLo%26s%3DmjHLhJ5kVFFzsaO4k7TI4QWjSQzc582n5qbqYYaBxWU%26e%3D&data=02%7C01%7Caaron.czechowski%40microsoft.com%7C7508dd971fe84f01db3208d557b360b3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636511350339469322&sdata=EI8%2BH3tOy6iuv383yP4c5h82UNvpQNsxhexGv4xWLp0%3D&reserved=0> From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of SCCM FUN Sent: Tuesday, January 9, 2018 10:02 AM To: mssms@lists.myITforum.com<mailto:mssms@lists.myITforum.com> Subject: [mssms] Confused - Spectre / Meltdown Can anyone confirm the following? Workstation/Servers - both need the AV key in order to do any patching going forward Workstation At one point in the MS article for workstation patching (4073119) I could of sworn there wasn't anything about having to making registry settings (except for AV) but now it looks like they added 2 registry keys. Were these 2 reg keys always in the KB/needed? reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f Server 3 reg keys need to be added for the server patch to take effect. Are you enabling this on all your servers or just the 3 use cases they list in their article (4072698). reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f Thanks
