{"id":6719,"date":"2018-08-25T09:35:07","date_gmt":"2018-08-25T07:35:07","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=6719"},"modified":"2021-01-24T11:58:49","modified_gmt":"2021-01-24T10:58:49","slug":"security-advisory-update-adv180018","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/08\/25\/security-advisory-update-adv180018\/","title":{"rendered":"Security Advisory-Update ADV180018"},"content":{"rendered":"

[German<\/a>]Microsoft released several updates for Windows with Intel Microcode updates on August 14. New a revision of the Microsoft Security Advisory Notification for ADV180018 was published on August 24. Here is the notification from Microsoft\u00a0 – and also an addendum with notes from me.<\/p>\n

<\/p>\n

********************************************************************
\n\"\"Title: Microsoft Security Advisory Notification
\nIssued: August 24, 2018
\n********************************************************************<\/p>\n

Security Advisories Released or Updated on August 24, 2018
\n===================================================<\/p>\n

* Microsoft Security Advisory ADV180018<\/p>\n

– Title: Microsoft guidance to mitigate L1TF variant
\n– ADV180018<\/a>
\n– Reason for Revision: Microsoft is announcing the availability of
\nIntel-validated microcode updates for Windows 10 operating
\nsystems. Please see Microsoft Knowledge Base Article 4093836
\n(https:\/\/support.microsoft.com\/en-us\/help\/4093836) for the
\ncurrent Intel microcode updates.
\n– Originally posted: August 14, 2018
\n– Updated: August 24, 2018
\n– Version: 2.0<\/p>\n

Warning: Microsoft's FAQ advices are wrong!<\/h2>\n

The\u00a0Microsoft Security Advisory ADV180018<\/a>\u00a0contains also a section '2. How do I enable the mitigation for CVE-2017-5754<\/strong>' where they are writing:<\/p>\n

To enable protection for CVE-2017-5715 and CVE 2017-5754:<\/p>\n

reg add \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management\" \/v FeatureSettingsOverride \/t REG_DWORD \/d 0<\/strong> \/f<\/p>\n

reg add \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management\" \/v FeatureSettingsOverrideMask \/t REG_DWORD \/d 3<\/strong> \/f<\/p>\n

Restart the computer for the changes to take effect.<\/p><\/blockquote>\n

Also\u00a0the\u00a0article\u00a0Windows Server guidance to protect against speculative execution side-channel vulnerabilities<\/a>\u00a0contains these registry settings.<\/p>\n

German blog reader Karl Wester-Ebbinghaus (a consultant in Windows area) pointed out in a comment<\/a> at my German blog, that Microsoft's advice is simply wrong. He wrote within this comment:\u00a0This [the registry entries given above] leads to the deactivation of Microsoft's protection measures to SpectreNG v4 (SSB).\u00a0<\/em>Karl then pointed out, that the correct registry settings\u00a0 for server and clients (AMD and Intel) are:<\/p>\n

reg add \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management\" \/v FeatureSettingsOverride \/t REG_DWORD \/d 8<\/strong> \/f<\/p>\n

reg add \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management\" \/v FeatureSettingsOverrideMask
\n\/t REG_DWORD \/d 3<\/strong> \/f<\/p>\n

And for Hyper-V<\/p>\n

reg add \"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Virtualization\" \/v MinVmVersionForCpuBasedMitigations \/t REG_SZ \/d \"1.0\" \/f<\/p>\n

So please note the amended values.<\/p>\n

Similar articles:
\n<\/strong>Microsoft: Issues with Updates KB4456688\/KB4100347?<\/a>
\nIntel Microcode Updates KB4346084, KB4346085, KB4346086, KB4346087, KB4346088 (August 20\/21, 2018)<\/a>)<\/p>\n","protected":false},"excerpt":{"rendered":"

[German]Microsoft released several updates for Windows with Intel Microcode updates on August 14. New a revision of the Microsoft Security Advisory Notification for ADV180018 was published on August 24. Here is the notification from Microsoft\u00a0 – and also an addendum … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-6719","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/6719","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=6719"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/6719\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=6719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=6719"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=6719"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}