A quick way to see if you are at risk for CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre)
PS > Install-Module SpeculationControl
PS > Get-SpeculationControlSettings
If you see those red line you are at risk;
Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for kernel VA shadow is present: False
Windows OS support for kernel VA shadow is enabled: False
Now on another note, the patch KB4056892 (OS Build 16299.192) break a lot of Antivirus.
If automatic updates are enabled, the January 2018 Windows security update will be offered to the devices running supported anti-virus (AV) applications. Updates can be installed in any order.
A quick and dirty tip, if the install is installed is to add that registry key for disabling the fix for the time your Antivirus get updated;
Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine
Key=”HKEY_LOCAL_MACHINE”Subkey=”SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat”
Value Name=”cadca5fe-87d3-4b96-b7fb-a231484277cc”
Type=”REG_DWORD”
Data=”0x00000000”
Reference:
ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
January 3, 2018—KB4056892 (OS Build 16299.192)
Phil’s Blog | IT to the core ! 