Checking Systems for Meltdown & Spectre Vulnerabilities

On Wednesday, January 3rd, 2018, Google Project Zero and Intel Security announced Spectre (CVE-2017-5715) & Meltdown (CVE-2017-5754). They affect all operating systems running on most industry processors, regardless of whether the system is physical or virtual. If you want more information about the vulnerabilities and how they can be exploited, be sure to review the links in the References section at the end of this blog post.

Microsoft Security Response Center released a handy PowerShell module called SpeculationControl that you can use to verify whether any of your Windows systems are vulnerable to these exploits.

If you have PowerShell 5.x (which you should), you can install the module just as you would any other module.

Install-Module -Name SpeculationControl

The module has only a single command in it, called Get-SpeculationControlSettings. When you run this command, it checks the system and prints an easy-to-read, color-coded summary that even includes suggestions for improving your security. On a side note, in order for this to run successfully you will need to change your execution policy to Bypass or RemoteSigned.


The command is pretty limited. In fact, it has absolutely no options at all. So the question is, how can you run it against remote systems? I found a couple of great posts on just this topic. Mike Robbins wrote a blog post with a quick and easy way to do just that. Simply put, PowerShell Remoting gives you the flexibility to run commands and functions against any computer you wish. In Mike's example, he shows a very simple method to run the command against a single remote system. Just change $PC_Name to whatever computer name you want to run the command against.

Invoke-Command -ComputerName $PC_Name -ScriptBlock ${function:Get-SpeculationControlSettings}

As is, you could easily build on this and use Get-ADObject or Get-ADComputer to pull computers from AD and feed its output to this command by putting it in a loop. However, Ralph Kyttle wrote a handy guide that goes a step further and can provide you with a nice CSV report on all the remote systems you run this against. If you have several systems you need to check, this is a great way to do so.
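One way to combine the two ideas above (a list of computers in, a CSV report out), as an added example that is not code from this post, from Mike Robbins, or from Ralph Kyttle's guide. The function name, the default CSV path and the Status column are hypothetical; it assumes the SpeculationControl module is installed locally and PowerShell Remoting is enabled on the targets.

```powershell
# Added example (not from the original post). Assumptions: SpeculationControl is installed
# on the machine running this, and PowerShell Remoting (WinRM) is enabled on the targets.
function Get-RemoteSpeculationControlReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName,
        [string]$CsvPath = '.\SpeculationControl-Report.csv'  # hypothetical default path
    )

    # ${function:...} reads the function: drive, which does not trigger module
    # auto-loading, so import the module explicitly before referencing the function.
    Import-Module SpeculationControl -ErrorAction Stop

    $remoting = @{
        ComputerName  = $ComputerName
        ScriptBlock   = ${function:Get-SpeculationControlSettings}
        ErrorAction   = 'SilentlyContinue'   # keep going when a host is offline
        ErrorVariable = 'remoteErrors'
    }
    # The local function body is sent to each target; the module is not needed there.
    $results = @(Invoke-Command @remoting)

    # One row per host that answered, with every property the command returned.
    $rows = @($results | Select-Object -Property @{ n = 'ComputerName'; e = { $_.PSComputerName } },
        @{ n = 'Status'; e = { 'Checked' } }, * -ExcludeProperty PSComputerName, RunspaceId, PSShowComputerName)

    # Hosts that returned nothing are listed too, so a gap is not mistaken for "patched".
    $answered = @($results | ForEach-Object { $_.PSComputerName })
    $rows += @($ComputerName | Where-Object { $_ -notin $answered } | ForEach-Object {
        [pscustomobject]@{ ComputerName = $_; Status = 'NoResult' }
    })
    if ($remoteErrors) { Write-Warning "$($remoteErrors.Count) remoting error(s); see the NoResult rows." }

    $rows | Export-Csv -Path $CsvPath -NoTypeInformation
    $rows
}

# Usage, feeding names from AD (assumes the RSAT ActiveDirectory module):
# $names = Get-ADComputer -Filter 'Enabled -eq $true' | Select-Object -ExpandProperty Name
# Get-RemoteSpeculationControlReport -ComputerName $names
```

Rows marked NoResult still need a manual check: a host that could not be reached has not been verified either way.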

What if you run Linux? While I have not run a check against my Linux systems, I did find a handy tool on GitHub that seems legit and allows you to verify your Linux servers.

References

https://meltdownattack.com/
https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help
https://www.redhat.com/en/blog/what-are-meltdown-and-spectre-heres-what-you-need-know