How to Protect Windows From Meltdown and Spectre Security Threats
Pinterest Stumbleupon Whatsapp
Advertisement

So much for a new year meaning a fresh start. 2017 brought us security vulnerabilities such as WannaCry ransomware How to Unlock WannaCry Ransomware Without Paying a Cent How to Unlock WannaCry Ransomware Without Paying a Cent If you've been hit by WannaCry, all your files are locked away behind a high price. Don't pay those thieves -- try this free tool to unlock your data. Read More and the Equifax hack How to Check If Your Data Was Stolen in the Equifax Breach How to Check If Your Data Was Stolen in the Equifax Breach News just surfaced of an Equifax data breach that affects up to 80 percent of all U.S. credit card users. Are you one of them? Here's how to check. Read More , but things haven’t got much better at the beginning of 2018.

We had only just finished welcoming in the new year when the next security bombshell hit the headlines. And it wasn’t only one flaw, but two. Nicknamed Meltdown and Spectre, the vulnerabilities originate from computer microprocessors. In terms of severity and number of people potentially affected, experts have likened them to 2014’s Heartbleed bug.

The bugs can attack all desktop operating systems, but in this article, we’re only going to focus on Windows. Let’s take a closer look at how the vulnerabilities work and how you can tell whether they have affected you.

Meltdown and Spectre: A Closer Look

Before we explain how to detect the two bugs on your own system, let’s take a moment to fully understand what the two vulnerabilities are and how they work.

The same group of security researchers were responsible for finding both the problems. At an elementary level, they are flaws in processor architecture (i.e. the transistors, logic units, and other tiny components that work together to make a processor function).

The flaw allows a would-be hacker to expose almost any data that a computer processes. That includes passwords, encrypted messages, personal information, and anything else you can think of.

Meltdown only affects Intel processors. Worryingly, the bug has been present since 2011. It uses part of the out-of-order execution (OOOE) process to change the cache state of a CPU. It can then dump the contents of the memory when it usually would be inaccessible.

Spectre can attack Intel, AMD, and ARM processors, and can thus also affect phones, tablets, and smart devices. It uses a processor’s speculative execution and branch prediction in conjunction with cache attacks to trick apps into revealing information that should be hidden within the protected memory area.

Spectre attacks need to be customized on a machine-by-machine basis, meaning they are harder to execute. However, because it’s based on an established practice in the industry, it’s also harder to fix.

Is Your Windows 10 PC Affected by Meltdown?

Thankfully, Microsoft has published a handy PowerShell script Powershell Cmdlets That'll Improve Your Windows Admin Skills Powershell Cmdlets That'll Improve Your Windows Admin Skills Powershell is equal parts command line tool and scripting language. It gives you the ability to automate your computer via the same commands you use to administer it. Read More that you can run on your system. Follow the steps below and you can install and activate an additional module on your system. The results will indicate whether you need to take further steps.

First, run PowerShell as an administrator: press Windows key + Q or open the Start Menu, type PowerShell, right-click the first result (Windows PowerShell, desktop app) and select Run as administrator.

After PowerShell has loaded, follow these steps to find out whether your PC is affected by Meltdown. Note that you can copy-and-paste commands into PowerShell.

  • Enter Install-Module SpeculationControl and press Enter to run the command.
  • Confirm the NuGet provider prompt by entering a Y for Yes and hitting Enter.
  • Do the same for the Untrusted repository prompt.
  • Next, type Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser and press Enter
  • When the installation has completed, type Import-Module SpeculationControl and press Enter.
  • Finally, type Get-SpeculationControlSettings and hit Enter.

windows meltdown spectre vulnerabilities security

After you have run these commands, check the output result for the results — it will be either True or False.

If you see only True messages, congratulations, you are protected and don’t need to take any further action. If a False pops up, your system is vulnerable, and you need to take further action. Be sure to note the suggested actions shown in the results. As shown in the screenshot above, our test computer requires a BIOS/firmware update and yet has to install a patch provided through Windows Update.

How Can You Protect Yourself Against Meltdown?

To the company’s credit, Microsoft originally moved quickly to issue a patch for Meltdown. You can find it through the Windows Update tool (Settings > Update & Security > Windows Update > Check of updates). You need to download and install patch KB4056892 for Windows build 16299.

windows meltdown spectre vulnerabilities security

Troublingly, the patch is incompatible with some antivirus suites. It only works if your security software’s ISV has updated the ALLOW REGKEY in the Windows registry.

You should also update your browser. Google has patched Meltdown in Chrome 64 and Mozilla has updated Firefox in version 57 (Quantum). Microsoft has even patched the latest version of Edge. Check with your browser’s developer if you use a non-mainstream app.

Lastly, you need to update your system’s BIOS How to Update Your UEFI BIOS in Windows How to Update Your UEFI BIOS in Windows Most PC users go without ever updating their BIOS. If you care for continued stability, however, you should periodically check whether an update is available. We show you how to safely update your UEFI BIOS. Read More and firmware. Some computer manufacturers include an app within Windows so you can quickly check for such updates. If your PC manufacturer didn’t supply one, or if you deleted it, you should be able to find updates on the company’s website.

How Can You Protect Yourself Against Spectre?

Meltdown is the more immediate threat and is the easier of the two bugs for hackers to exploit. However, Spectre is harder to remedy.

Because of the way Spectre works, fixing it will require companies to completely redesign the way they build processors. That process could take years, and it could be decades until the current iteration of processors is entirely out of circulation.

But that doesn’t mean Intel hasn’t tried to offer its customers ways to protect themselves. Unfortunately, the response has been a shambles.

In mid-January, Intel released a Spectre patch. Immediately, Windows users started complaining that the patch was buggy; it was forcing their computers to randomly reboot at unexpected times. Intel’s response was to release a second patch. It didn’t fix the issue; the reboot problems continued.

At this point, millions of users have installed the patch. Intel told customers not to download either patch until it could fix the issue. But there was a problem for Windows users. The Intel patch was being delivered through the Windows Update app. Users continued to unwittingly install it; after all, we all know how opaque the current Windows update process Windows Updates Are Set to Get Less Annoying Windows Updates Are Set to Get Less Annoying Under the new system, Windows 10 updates should be smaller in size, be downloaded more efficiently, and put less strain on your system resources. A change you probably won't even notice. Read More is.

While random reboots are certainly annoying, the most worrying part of the buggy patch was the potential for data loss. In Intel’s own words, “It caused higher than expected reboots and other unpredictable system behavior […] which may result in data loss or corruption.”

Fast-forward to the end of January, and Microsoft was forced to step in. The company took a highly unusual step. It issued an out-of-band emergency security update for Windows 7, 8.1, and 10 that completely disables Intel’s patch.

How to Install the Microsoft Fix

Unfortunately, the new patch will not be available through the Windows Update app. You will have to install it manually.

To begin, head to the Microsoft Update Catalog. You need to find Update for Windows (KB4078130). When you’re ready, click on Download.

How to Protect Windows From Meltdown and Spectre Security Threats windows meltdown patch 670x226

Next, click on the [string of text].EXE file.

How to Protect Windows From Meltdown and Spectre Security Threats windows meltdown patch step 2

The file is tiny and will only take a couple of seconds to download. When the download has finished, double-click on the EXE file and follow the on-screen instructions.

So, what about the future? If you’ve been following along, you’ll have realized that affected users are back to where they started: exposed and unprotected.

Hopefully, Intel will release a more successful patch in the coming weeks. In the meantime, you’ll have to sit tight.

Do Meltdown and Spectre Worry You?

It’s understandable to feel worried. After all, our computers quite literally hold the keys to our lives.

But it’s also important to take solace from the facts. You are highly unlikely to be the victim of a Spectre attack. The time and effort a hacker needs to put in for an unspecified return make you an unattractive proposition.

And the big tech companies have known about the two issues since the middle of 2017. They’ve had plenty of time to prepare patches and respond in the best way they are able.

Despite the facts, do the Meltdown and Spectre threats still worry you? You can let us know your thoughts and opinions in the comments section below.

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. mangledmind
    March 3, 2018 at 3:59 am

    This article only mentions Windows computers/tablets and offers no solutions or notes regarding Android, MacOS, Linux, etc. Does this imply the problem is not the CPU, but Windows? In this case, I am glad that I have not been using Windows for more than a decade now…

  2. Acapricio
    January 18, 2018 at 2:14 am

    So focusing on the point, how can I know if my computer has been already attacked? The script figures out only if my computer is weak to the attack.
    In my opinion, best solution, either if affected or not by the 'virus', just update everything is possible, OS, security patch, bios, etc, directly from system update or product website.

  3. Johan Klos
    January 12, 2018 at 9:39 am

    The article is missing a step where the Execution Policy is changed.
    You will need to do:
    Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser
    before the import-module line.

    Source: https://support.microsoft.com/en-gb/help/4074629/understanding-the-output-of-get-speculationcontrolsettings-powershell

  4. Jim
    January 9, 2018 at 11:36 pm

    When I executed the "Import-Module SpeculationControl" I received the following in red text:

    PS C:\WINDOWS\system32> import-module speculationcontrol
    import-module : File C:\Program
    Files\WindowsPowerShell\Modules\speculationcontrol\1.0.3\SpeculationControl.psm1 cannot be
    loaded because running scripts is disabled on this system. For more information, see
    about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
    At line:1 char:1
    + import-module speculationcontrol
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : SecurityError: (:) [Import-Module], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess,Microsoft.PowerShell.Commands.ImportModuleCommand

    I have a Dell Inspiron. So I can't run scripts on my system? Lame.

    • KwaK
      January 10, 2018 at 2:04 pm

      Look at it this way - your system is so secure that even the test failed.

      On a side note - I think it's complaining that it doesn't have admin rights - you might have to run the script or PowerShell as Administrator (right click on either one of them and the option should be there).

      • Jim
        January 10, 2018 at 3:31 pm

        Thanks KwaK. After I read the reference on scripts being disabled on my system, I had to first execute: set-executionpolicy allsigned -scope localmachine and then I was able to continue. Kindly, Jim

    • John Doe
      January 10, 2018 at 7:47 pm

      Type: "set-executionpolicy" (without the quot.marks) and press Enter. When the blinking prompt appears, type "Unrestricted" and confirm with "y". Now you'll be able to run scripts. When you finally finish your computer check, for your security you'd better revert back by typing "set-executionpolicy" and "Restricted" at the prompt.

  5. David Martchouk
    January 9, 2018 at 10:35 pm

    Notes I found regarding Windows 7 powershell: "the Install-Module command was introduced to PowerShell in version 5.0. Most Windows 7 machines will not have this version, due to the upgrades being optional and unrelated to security. Any machine with an outdated version of PowerShell can still run the Get-SpeculationControlSettings function below, however, as long as you can obtain the contents of the script and run it ad-hoc." from https://blog.barkly.com/meltdown-and-spectre-mitigation

    How do I "obtain the contents of the script"? lol

    • David Martchouk
      January 31, 2018 at 6:23 pm

      From another website about Meltdown check: "If you’re using Windows 7, you will first need to download the Windows Management Framework 5.0 software, which will install a newer version of PowerShell on your system. The script below won’t run properly without it. If you’re using Windows 10, you already have the latest version of PowerShell installed."

      https://www.microsoft.com/en-us/download/details.aspx?id=50395

  6. Kenneth Ciszewski
    January 9, 2018 at 10:21 pm

    So I tried this on a Windows 7 Home Premium system and it doesn't recognize "Install-Module"???????

  7. John Doe
    January 9, 2018 at 5:58 pm

    Would it have been too much trouble for you to mention which Windows OS you have in mind when advising on Meltdown susceptibility check? Windows 7 is still supported by MS, and its PowerShell doesn't recognize the Install-Module command.