JBC Posted June 11, 2018

Has anyone developed an application that will run the Get-SpeculationControl script from Microsoft and return useful results? I have a few ideas on how to do it. I want to develop a script that checks if the computer is compliant and writes a registry key which I can check for success/failure. I am not sure how to design this since I would have to install the module on each computer as part of the application. 30% of my computers are offline most of the time which is why I want to do this with SCCM so it runs as they connect to the network. If someone has already developed something that works I'd like to know how it was done.

teamfox201 Posted June 11, 2018

4 hours ago, JBC said:
Has anyone developed an application that will run the Get-SpeculationControl script from Microsoft and return useful results? I have a few ideas on how to do it. I want to develop a script that checks if the computer is compliant and writes a registry key which I can check for success/failure. I am not sure how to design this since I would have to install the module on each computer as part of the application. 30% of my computers are offline most of the time which is why I want to do this with SCCM so it runs as they connect to the network. If someone has already developed something that works I'd like to know how it was done.

To be fair, I have not tested this method but I do not see a reason it would not work as long as the return codes are properly returned and captured during deployment.

I would use the application developed by Steve Gibson https://www.grc.com/inspectre.htm . Don't let the basic website fool you, he is reputable. Package that up in SCCM with the "probe" command, and based on the exit code returned to SCCM you should get a pretty good picture of which systems are vulnerable.

I just noticed in release #4, he gives you sample scripts you can use: https://www.grc.com/inspectre/InSpectre-Probe-Samples.zip

Release #4 — Silent System Probe Option: When InSpectre is launched with the string “probe” in its command line, its Windows user interface will be suppressed and InSpectre will act like a command-line utility. It will assess its hosting system's status, then immediately terminate itself returning a decimal exitcode which encodes the eight “trouble bits” shown below, which itemizes any trouble. Therefore, for example, an exitcode of zero (0) is returned only by a fully secure system.

Decimal Value   Trouble Itemization
1               OS is not aware of the Meltdown vulnerability
2               OS is not aware of the Spectre vulnerability
4               The system is vulnerable to Meltdown
8               The system is vulnerable to Spectre
16              CPU does not support Spectre (microcode not updated)
32              CPU does not support low-overhead Meltdown protection
64              Meltdown protection disabled by registry setting
128             Spectre protection disabled by registry setting

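The exit-code approach from the post above, as an added example that is not part of the thread or of InSpectre's sample scripts: a wrapper that runs the probe, decodes the trouble bits from the table, and records the result in a registry key for later collection. The executable path, the registry key and its value names, and the exit code 1000 are assumed placeholders.

```powershell
# Added example; not InSpectre's own sample script. Avoids syntax newer than PowerShell 2.0.
param(
    [string]$ExePath = '.\InSpectre.exe',                        # assumed path inside the package
    [string]$RegPath = 'HKLM:\SOFTWARE\ExampleOrg\SpectreProbe'  # hypothetical results key
)

# Trouble bits in ascending order (1, 2, 4 ... 128), as listed in the release #4 notes.
$Trouble = @(
    'OS is not aware of the Meltdown vulnerability',
    'OS is not aware of the Spectre vulnerability',
    'The system is vulnerable to Meltdown',
    'The system is vulnerable to Spectre',
    'CPU does not support Spectre (microcode not updated)',
    'CPU does not support low-overhead Meltdown protection',
    'Meltdown protection disabled by registry setting',
    'Spectre protection disabled by registry setting'
)

function ConvertFrom-ProbeCode([int]$Code) {
    # Emit the description for every bit that is set in the exit code.
    $mask = 1
    foreach ($text in $Trouble) {
        if ($Code -band $mask) { $text }
        $mask *= 2
    }
}

if (-not (Test-Path $ExePath)) {
    Write-Error "Probe binary not found: $ExePath"
    exit 1000   # arbitrary code outside the 0-255 probe range (assumption)
}

# Start-Process -Wait blocks until the probe exits, so ExitCode is populated.
$proc   = Start-Process -FilePath $ExePath -ArgumentList 'probe' -Wait -PassThru
$code   = $proc.ExitCode
$issues = @(ConvertFrom-ProbeCode $code)

# Store the raw code, the decoded text and a pass/fail flag under the results key.
if (-not (Test-Path $RegPath)) { New-Item -Path $RegPath -Force | Out-Null }
$values = @{ ProbeCode = $code; Compliant = [int]($code -eq 0) }
foreach ($name in $values.Keys) {
    New-ItemProperty -Path $RegPath -Name $name -Value $values[$name] -PropertyType DWord -Force | Out-Null
}
New-ItemProperty -Path $RegPath -Name 'Issues' -Value ($issues -join '; ') -PropertyType String -Force | Out-Null
New-ItemProperty -Path $RegPath -Name 'LastChecked' -Value (Get-Date -Format s) -PropertyType String -Force | Out-Null

exit $code   # pass the probe code through so the deployment can report on it
```
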
JBC Posted June 11, 2018

Thanks, this is what I was looking for. I love Steve Gibson. I listen to Security Now but forgot about this.

JBC Posted June 12, 2018

I found a CI from Microsoft that is even better. https://gallery.technet.microsoft.com/Speculation-Execution-Side-1483f621

teamfox201 Posted June 12, 2018

Good find!! Your question sparked curiosity about our environment but we still have PowerShell 2.0 on Windows 7 systems.

JBC Posted June 12, 2018

2 minutes ago, teamfox201 said:
Good find!! Your question sparked curiosity about our environment but we still have PowerShell 2.0 on Windows 7 systems.

I upgraded our Windows 7 computers to 4.0. It's pretty easy with ConfigMgr.