Windows 10: To mitigate meltdown insecurity threat CVE-2017-5754 Rogue Data Access using C/C++ high...

Discus and support To mitigate meltdown insecurity threat CVE-2017-5754 Rogue Data Access using C/C++ high... in AntiVirus, Firewalls and System Security to solve the problem; I have a query on spectre and meltdown insecurity threats to modern CPUs. How can software developers can mitigate these in their c/c++ code. I have a... Discussion in 'AntiVirus, Firewalls and System Security' started by Sachin Chavan, Jun 18, 2019.

  1. SACHIN CHAVAN
    Sachin Chavan Win User

    To mitigate meltdown insecurity threat CVE-2017-5754 Rogue Data Access using C/C++ high...


    I have a query on spectre and meltdown insecurity threats to modern CPUs. How can software developers
    can mitigate these in their c/c++ code. I have a query

    Can we mitigate meltdown variant CVE-2017-5754 called as Rogue Data Access
    in c/c++ logic? or in MSVC compiler? or in Visual Studio compiler?
    regards
    sachindeo

    :)
     
    Sachin Chavan, Jun 18, 2019
    #1
  2. NBIT_007
    NBIT_007 Win User

    spectre and meltdown vulnerabilities fix causing bsod for windows 10

    Hello all ,

    Post applying the spectre and meltdown vulnerabilities fix for couple of system of my mixed environment,i see few of win10 systems are crashing post applying following setting and restarting due to BSOD . where as my environment having Intel and AMD family
    Processors and same solution worked perfectly for Win-7 and Win 8 with out any Noise .where as for W10 out 30 test machines 15 got crashed.

    Config-applied :

    Manage Speculative Store Bypass and mitigations around Spectre Variant 2 and Meltdown

    Applies to: Windows 10, version 1803, Windows 10, version 1709, Windows 10, version
    1703, Windows 10, version 1607, Windows 10, Windows 8.1, and Windows 7 SP1.

    Enable mitigations around Speculative Store Bypass (CVE-2018-3639) together with mitigations around Spectre Variant 2 (CVE-2017-5715 "Branch Target Injection") and Meltdown (CVE-2017-5754) through the following registry settings
    (because they are not enabled by default).


    • [table][tr][td]reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /freg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f[/td][/tr][/table]

      Note These registry changes require administrative rights and a restart.
    • Disable mitigations around Speculative Store Bypass (CVE-2018-3639) through the following registry settings.


      [table][tr][td]reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /freg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /f[/td][/tr][/table]

      Note These registry changes require administrative rights and a restart.
    any suggestion and solutions ...

    Thanks ,

    Naresh.
     
    NBIT_007, Jun 18, 2019
    #2
  3. TYPANGBURN
    TyPangburn Win User
    meltdown patch related question.

    I was able to go through some hoops and was able to get the latest microcode for my Intel kaby lake processor loaded using this Vmware windows driver tool. However there doesn't seem to be a way to enable the windows patch on the fly unfortunately. Is there
    anyway to get windows to enable the meltdown patch after boot up? I do hear the patch is being pulled because of the AMD issue so who knows now totally. I was mainly trying to do this so on old machines with no hope of a BIOS update anytime soon could be
    patched.

    Now I get this on the patch test.

    PS C:\script\SpeculationControl> Get-SpeculationControlSettings

    Speculation control settings for CVE-2017-5715 [branch target injection]

    Hardware support for branch target injection mitigation is present: True

    Windows OS support for branch target injection mitigation is present: True

    Windows OS support for branch target injection mitigation is enabled: False

    Windows OS support for branch target injection mitigation is disabled by system policy: False

    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: False

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: True

    Windows OS support for kernel VA shadow is present: True

    Windows OS support for kernel VA shadow is enabled: True

    Windows OS support for PCID performance optimization is enabled: True [not required for security]

    Suggested actions

    * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119

    BTIHardwarePresent : True

    BTIWindowsSupportPresent : True

    BTIWindowsSupportEnabled : False

    BTIDisabledBySystemPolicy : False

    BTIDisabledByNoHardwareSupport : False

    KVAShadowRequired : True

    KVAShadowWindowsSupportPresent : True

    KVAShadowWindowsSupportEnabled : True

    KVAShadowPcidEnabled : True

    Moved fromTo mitigate meltdown insecurity threat CVE-2017-5754 Rogue Data Access using C/C++ high... :( Windows / Windows 10 / Security & privacy )
     
    TyPangburn, Jun 18, 2019
    #3
  4. BACILLUS
    bacillus Win User

    To mitigate meltdown insecurity threat CVE-2017-5754 Rogue Data Access using C/C++ high...

    I thought that version 1709 build 16299.192 addressed the Meltdown flaw...

    OK this is what I'm seeing and bear in mind Dell hasn't so far issued a new updated firmware for this laptop:

    PS C:\WINDOWS\system32> Get-SpeculationControlSettings

    Speculation control settings for CVE-2017-5715 [branch target injection]

    For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629

    Hardware support for branch target injection mitigation is present: False

    Windows OS support for branch target injection mitigation is present: True

    Windows OS support for branch target injection mitigation is enabled: False

    Windows OS support for branch target injection mitigation is disabled by system policy: False

    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: True

    Windows OS support for kernel VA shadow is present: False

    Windows OS support for kernel VA shadow is enabled: False

    Suggested actions

    * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.

    * Install the latest available updates for Windows with support for speculation control mitigations.

    * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119

    BTIHardwarePresent : False

    BTIWindowsSupportPresent : True

    BTIWindowsSupportEnabled : False

    BTIDisabledBySystemPolicy : False

    BTIDisabledByNoHardwareSupport : True

    KVAShadowRequired : True

    KVAShadowWindowsSupportPresent : False

    KVAShadowWindowsSupportEnabled : False

    KVAShadowPcidEnabled : False
     
    bacillus, Jun 18, 2019
    #4
Thema:

To mitigate meltdown insecurity threat CVE-2017-5754 Rogue Data Access using C/C++ high...

Loading...

  1. To mitigate meltdown insecurity threat CVE-2017-5754 Rogue Data Access using C/C++ high... - Similar Threads - mitigate meltdown insecurity

  2. Microsoft CVE-2017-5715: Guidance to mitigate speculative execution side-channel...

    in AntiVirus, Firewalls and System Security
    Microsoft CVE-2017-5715: Guidance to mitigate speculative execution side-channel...: Microsoft CVE-2017-5715: Guidance to mitigate speculative execution side-channel vulnerabilitiesMicrosoft CVE-2017-5753: Guidance to mitigate speculative execution side-channel vulnerabilitiesMicrosoft CVE-2017-5754: Guidance to mitigate speculative execution side-channel...

  3. C drive used space high

    in Windows 10 Network and Sharing
    C drive used space high: Hi. My C drive on Windows 10 Home shows Capacity 547 GB, used 245 GB, 329 GB. The installed programs are Edge, Firefox, Revo Uninstall Cyberlink 19, Office Student 2007, Cortana.It looks as if there is at least 165 GB unaccounted for.How do I find what is there and how to...

  4. C drive used space high

    in Windows 10 Gaming
    C drive used space high: Hi. My C drive on Windows 10 Home shows Capacity 547 GB, used 245 GB, 329 GB. The installed programs are Edge, Firefox, Revo Uninstall Cyberlink 19, Office Student 2007, Cortana.It looks as if there is at least 165 GB unaccounted for.How do I find what is there and how to...

  5. C drive used space high

    in Windows 10 Software and Apps
    C drive used space high: Hi. My C drive on Windows 10 Home shows Capacity 547 GB, used 245 GB, 329 GB. The installed programs are Edge, Firefox, Revo Uninstall Cyberlink 19, Office Student 2007, Cortana.It looks as if there is at least 165 GB unaccounted for.How do I find what is there and how to...

  6. Realtime high frequency data refresh using WinForms and C#

    in Windows 10 BSOD Crashes and Debugging
    Realtime high frequency data refresh using WinForms and C#: I am facing an issue where the main thread is not handling high frequency data refresh. This is causing the application to slow down and impacting other tasks. Is there any way to increase the data refresh to more than 400 times per second. This issue is occurring on...

  7. To implement Retpoline function in c/c++ high level function for mitigating Spectre variant...

    in AntiVirus, Firewalls and System Security
    To implement Retpoline function in c/c++ high level function for mitigating Spectre variant...: I have a query on spectre insecurity threats to modern CPUs on Windows OS. CVE-2017-5715, also known as spectre variant 2. Branch target injection spectre variant 2 can be mitigated using retpoline. I am unable to implement retpoline in c/c++ function. Can some one help? I...

  8. Enable Retpoline to mitigate Spectre variant 2 (CVE-2017-5715)

    in AntiVirus, Firewalls and System Security
    Enable Retpoline to mitigate Spectre variant 2 (CVE-2017-5715): Following the release of Cumulative Update KB4482887 Windows 10 v1809 Build 17763.348 there is a lot of discussion regarding the new Retpoline mitigation. This feature has been included in the KB4482887, but is disabled by default. In future updates, or the next Feature...

  9. Can Spectre, Meltdown etc mitigations be bypassed?

    in Windows 10 Support
    Can Spectre, Meltdown etc mitigations be bypassed?: I noticed Chrome have updated their browser with a 'new security feature' that will keep users safe from Spectre etc, however it will use 10-13% more RAM because of the increased number of processes running in real time. With this in mind - I know Microsoft has said that...

  10. KVA Shadow: Mitigating Meltdown on Windows

    in Windows 10 News
    KVA Shadow: Mitigating Meltdown on Windows: On January 3rd, 2018, Microsoft released an advisory and security updates that relate to a new class of discovered hardware vulnerabilities, termed speculative execution side channels, that affect the design methodology and implementation decisions behind many modern...

Users found this page by searching for:

  1. To enable mitigations for CVE-2017-5754 (Meltdown)