Speculative Execution Configuration Baseline updated for L1TF CVE-2018-3620

Published 10-17-2018 05:14 PM 936 Views
Microsoft

Updated 2/25/2021: Newer information is available here.

 

First published on TECHNET on Aug 20, 2018
We have updated the Speculative Execution Side-Channel Vulnerabilities Configuration Baseline .  The updated baseline now includes support for verifying the protections for CVE-2018-3620 (L1 Terminal Fault) in addition to the previously supported CVE-2017-5715, CVE-2017-5754 and CVE-2018-3639.

Download the updated baseline


This Compliance Settings configuration baseline is used to confirm whether a system has enabled the mitigations needed to protect against the speculative-execution side-channel vulnerabilities as described in the Microsoft Security Advisories ADV180002 , ADV180012 and ADV180018 . It is based on the functionality in the PowerShell module Get_SpeculationControlSettings . It requires at least PowerShell 3.0.

Read more about mitigating speculative execution side-channel vulnerabilities for Configuration Man...

%3CLINGO-SUB%20id%3D%22lingo-sub-275035%22%20slang%3D%22en-US%22%3ESpeculative%20Execution%20Configuration%20Baseline%20updated%20for%20L1TF%20CVE-2018-3620%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-275035%22%20slang%3D%22en-US%22%3E%3CP%3E%3CFONT%20color%3D%22%23800000%22%3E%3CSTRONG%3EUpdated%202%2F25%2F2021%3A%3C%2FSTRONG%3E%3C%2FFONT%3E%3CSPAN%3E%26nbsp%3BNewer%20information%20is%20available%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fconfiguration-manager-blog%2Fspeculative-execution-configuration-baseline-updated-for%2Fba-p%2F672933%22%20target%3D%22_self%22%3Ehere%3C%2FA%3E%3CSPAN%3E.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EFirst%20published%20on%20TECHNET%20on%20Aug%2020%2C%202018%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3EWe%20have%20updated%20the%20%3CA%20href%3D%22https%3A%2F%2Fgallery.technet.microsoft.com%2FSpeculation-Execution-Side-1483f621%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Speculative%20Execution%20Side-Channel%20Vulnerabilities%20Configuration%20Baseline%20%3C%2FA%3E%20.%26nbsp%3B%20The%20updated%20baseline%20now%20includes%20support%20for%20verifying%20the%20protections%20for%20%3CA%20href%3D%22https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-3620%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%20CVE-2018-3620%20%3C%2FA%3E%20(L1%20Terminal%20Fault)%20in%20addition%20to%20the%20previously%20supported%20CVE-2017-5715%2C%20CVE-2017-5754%20and%20CVE-2018-3639.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1541440422%22%20id%3D%22toc-hId-1454681345%22%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D102745%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Download%20the%20updated%20baseline%20%3C%2FA%3E%3C%2FH3%3E%0A%3CP%3E%3CBR%20%2F%3EThis%20Compliance%20Settings%20configuration%20baseline%20is%20used%20to%20confirm%20whether%20a%20system%20has%20enabled%20the%20mitigations%20needed%20to%20protect%20against%20the%20speculative-execution%20side-channel%20vulnerabilities%20as%20described%20in%20the%20Microsoft%20Security%20Advisories%20%3CA%20href%3D%22https%3A%2F%2Fportal.msrc.microsoft.com%2Fsecurity-guidance%2Fadvisory%2FADV180002%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20ADV180002%20%3C%2FA%3E%20%2C%20%3CA%20href%3D%22https%3A%2F%2Fportal.msrc.microsoft.com%2Fsecurity-guidance%2Fadvisory%2FADV180012%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20ADV180012%20%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FADV180018%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20ADV180018%20%3C%2FA%3E%20.%20It%20is%20based%20on%20the%20functionality%20in%20the%20PowerShell%20module%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FSpeculationControlPS%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Get_SpeculationControlSettings%20%3C%2FA%3E%20.%26nbsp%3BIt%20requires%20at%20least%20PowerShell%203.0.%20%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fconfigurationmgr%2F2018%2F01%2F08%2Fadditional-guidance-to-mitigate-speculative-execution-side-channel-vulnerabilities%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Read%20more%20about%20mitigating%20speculative%20execution%20side-channel%20vulnerabilities%20for%20Configuration%20Manager%20environments%20%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-275035%22%20slang%3D%22en-US%22%3E%3CP%3EFirst%20published%20on%20TECHNET%20on%20Aug%2020%2C%202018%20We%20have%20updated%20the%20Speculative%20Execution%20Side-Channel%20Vulnerabilities%20Configuration%20Baseline.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-275035%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECM%20current%20branch%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDevice%20compliance%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Co-Authors
Version history
Last update:
‎Feb 25 2021 01:57 PM
Updated by: