Home
%3CLINGO-SUB%20id%3D%22lingo-sub-672933%22%20slang%3D%22en-US%22%3ESpeculative%20Execution%20Configuration%20Baseline%20updated%20for%20Microarchitectural%20Data%20Sampling%20CVEs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-672933%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20updated%20the%20%3CA%20href%3D%22https%3A%2F%2Fgallery.technet.microsoft.com%2FSpeculation-Execution-Side-1483f621%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESpeculative%20Execution%20Side-Channel%20Vulnerabilities%20Configuration%20Baseline%3C%2FA%3E.%26nbsp%3BThe%20updated%20baseline%20now%20includes%20support%20for%20verifying%20the%20protections%20for%20CVEs%202018-12126%2C%202018-12130%2C%202018-12127%2C%202019-11091%20(Microarchitectural%20Data%20Sampling)%20in%20addition%20to%20the%20previously%20supported%20CVE-2017-5715%2C%20CVE-2017-5754%20CVE-2018-3639%20and%20CVE-2018-3620.%20%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgallery.technet.microsoft.com%2FSpeculation-Execution-Side-1483f621%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EDownload%20the%20updated%20baseline%20%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EThis%20Compliance%20Settings%20configuration%20baseline%20is%20used%20to%20confirm%20whether%20a%20system%20has%20enabled%20the%20mitigations%20needed%20to%20protect%20against%20the%20speculative-execution%20side-channel%20vulnerabilities%20as%20described%20in%20the%20Microsoft%20Security%20Advisories%20%3CA%20href%3D%22https%3A%2F%2Fportal.msrc.microsoft.com%2Fsecurity-guidance%2Fadvisory%2FADV180002%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EADV180002%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Fportal.msrc.microsoft.com%2Fsecurity-guidance%2Fadvisory%2FADV180012%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EADV180012%3C%2FA%3E%2C%20%3CU%3E%3CA%20href%3D%22https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FADV180018%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EADV180018%3C%2FA%3E%3C%2FU%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Fportal.msrc.microsoft.com%2Fsecurity-guidance%2Fadvisory%2FADV190013%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EADV190013%3C%2FA%3E.%20It%20is%20based%20on%20the%20functionality%20in%20the%20PowerShell%20module%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FSpeculationControlPS%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EGet_SpeculationControlSettings%3C%2FA%3E.%26nbsp%3BIt%20requires%20at%20least%20PowerShell%203.0.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FConfiguration-Manager-Blog%2FAdditional-guidance-to-mitigate-speculative-execution-side%2Fba-p%2F274974%22%20target%3D%22_self%22%3ERead%20more%20about%20mitigating%20speculative%20execution%20side-channel%20vulnerabilities%20for%20Configuration%20Manager%20environments%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-672933%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23333333%3B%20cursor%3A%20text%3B%20font-family%3A%20inherit%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3EWe%20have%20updated%20the%20%3C%2FSPAN%3E%3CA%20style%3D%22background-color%3A%20transparent%3B%20box-sizing%3A%20border-box%3B%20color%3A%20%23146cac%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoeui%26amp%3Bquot%3B%2C%26amp%3Bquot%3Blato%26amp%3Bquot%3B%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Carial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20underline%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%20href%3D%22https%3A%2F%2Fgallery.technet.microsoft.com%2FSpeculation-Execution-Side-1483f621%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3ESpeculative%20Execution%20Side-Channel%20Vulnerabilities%20Configuration%20Baseline%3C%2FA%3E%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23333333%3B%20cursor%3A%20text%3B%20font-family%3A%20inherit%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E.%26nbsp%3BThe%20updated%20baseline%20now%20includes%20support%20for%20verifying%20the%20protections%20for%20CVEs%202018-12126%2C%202018-12130%2C%202018-12127%2C%202019-11091%20(Microarchitectural%20Data%20Sampling)%20in%20addition%20to%20the%20previously%20supported%20CVE-2017-5715%2C%20CVE-2017-5754%20CVE-2018-3639%20and%20CVE-2018-3620.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-672933%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECM%202012%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ECM%20current%20branch%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDevice%20compliance%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EUnified%20Endpoint%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

We have updated the Speculative Execution Side-Channel Vulnerabilities Configuration Baseline. The updated baseline now includes support for verifying the protections for CVEs 2018-12126, 2018-12130, 2018-12127, 2019-11091 (Microarchitectural Data Sampling) in addition to the previously supported CVE-2017-5715, CVE-2017-5754 CVE-2018-3639 and CVE-2018-3620.

Download the updated baseline


This Compliance Settings configuration baseline is used to confirm whether a system has enabled the mitigations needed to protect against the speculative-execution side-channel vulnerabilities as described in the Microsoft Security Advisories ADV180002, ADV180012, ADV180018 and ADV190013. It is based on the functionality in the PowerShell module Get_SpeculationControlSettings. It requires at least PowerShell 3.0.

 

Read more about mitigating speculative execution side-channel vulnerabilities for Configuration Mana....