Speculation Control Validation PowerShell Script

This is described in the blog topic: "Windows Server guidance to protect against the speculative execution side-channel vulnerabilities."

 
 
 
 
 
4.4 Star
(20)
70,007 times
Add to favorites
Security
9/5/2018
E-mail Twitter del.icio.us Digg Facebook
  • Error while importing Module
    3 Posts | Last post February 16, 2018
    • I followed the steps as explained in the description, however I am getting the following error message:
      
      PS C:\SpeculationControl> Import-Module .\SpeculationControl.psd1
      Import-Module : The 'C:\SpeculationControl\SpeculationControl.psd1' module cannot be imported because its manifest contains one or more members that are not valid. The valid manifest members are ('ModuleToProcess', 'NestedModules', 'GUID', 'Author', 'CompanyName', 'Copyright', 'ModuleVersion', 'Des
      cription', 'PowerShellVersion', 'PowerShellHostName', 'PowerShellHostVersion', 'CLRVersion', 'DotNetFrameworkVersion', 'ProcessorArchitecture', 'RequiredModules', 'TypesToProcess', 'FormatsToProcess', 'ScriptsToProcess', 'PrivateData', 'RequiredAssemblies', 'ModuleList', 'FileList', 'FunctionsToExp
      ort', 'VariablesToExport', 'AliasesToExport', 'CmdletsToExport'). Remove the members that are not valid ('RootModule'), then try to import the module again.
      At line:1 char:14
      + Import-Module <<<<  .\SpeculationControl.psd1
          + CategoryInfo          : InvalidData: (C:\SpeculationC...ionControl.psd1:String) [Import-Module], InvalidOperationException
          + FullyQualifiedErrorId : Modules_InvalidManifestMember,Microsoft.PowerShell.Commands.ImportModuleCommand
      
      I checked for SpeculationControl.psm1 referenced in RootModule and the file looks okay to me (therefore, it also exists in the same directory). Any suggestions?
    • Change in SpeculationControl.PSD1 (!) "RootModule" to "ModuleToProcess". That worked for me on Win 7.
    • Hago67 thanks for this. That change works on Windows 2008R2 as well after having received the same error as above.
  • zip file is corrupted
    2 Posts | Last post January 24, 2018
    • Any updates on this?
    • just downloaded and uncompressed the file and it and works like a charm
  • Speculation cntrol
    2 Posts | Last post January 22, 2018
    • When I run the script i get an error
      Unsupported processor manufacturer:
      At C:\scripts\SpeculationControl\SpeculationControl.psm1:148 char:18
      +             throw <<<<  ("Unsupported processor manufacturer: {0}" -f $cpu.Manufacturer)
          + CategoryInfo          : OperationStopped: (Unsupported processor manufacturer: :String) [], RuntimeException
          + FullyQualifiedErrorId : Unsupported processor manufacturer:
      
      Please advise, Its a Dell serever
    • Hello IJThomas,
      
      I am not the owner of the script, but this is related to the Get-WMIObject command, when used we can retrieve $cpu.manufacturer because of the powershell version.
      As workaround, you can simply replace the line $manufacturer = $cpu.Manufacturer by $manufacturer = "GenuineIntel" in the psm1 file
      
      Be careful by doing that, do not apply an Intel script on AMD processor, so if you have AMD CPU you need to replace by $manufacturer = "AuthenticAMD"
      
      Hope you will understand and this will help you until the author make a real workaround (I didn't waste any time on it since we have only Intel CPUs, I just deleted the check because I know what I am doing)
  • Hardware and Windows support is present but still disabled???
    11 Posts | Last post January 21, 2018
    • Hardware support for branch target injection mitigation is present: True
      Windows OS support for branch target injection mitigation is present: True
      Windows OS support for branch target injection mitigation is enabled: False
      Windows OS support for branch target injection mitigation is disabled by system policy: False
      Windows OS support for branch target injection mitigation is disabled by absence of hardware support: False
      
      What does that even mean? Why disabled if not by system policy or absence of hardware support?
    • Is this a Windows Server? If so, you need to enable the mitigations in the registry: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
    • No, this is Windows Client. And just to be safe I tried enabling it in the registry and it didn't help.
    • Here is verbose output:
      BpbEnabled                   : False
      BpbDisabledSystemPolicy      : False
      BpbDisabledNoHardwareSupport : False
      HwReg1Enumerated             : True
      HwReg2Enumerated             : True
      HwMode1Present               : False
      HwMode2Present               : False
      SmepPresent                  : True
    • Sorry, have to ask.  Did you install BIOS updates pertinent to the vulnerabilities as well as Windows updates?
    • There was no BIOS update for my motherboard model and probably won't be at all. But I updated CPU microcode and script says that hardware support is present.
    • Anything?
    • Depending on how you updated CPU microcode it does not always persist across restarts. Usually a full BIOS update is required for a permanent update.
    • According to HWINFO it persists. I wrote down uCU before update, after update and after restart. It doesn't change after restart.
    • Try testing with https://www.grc.com/inspectre.htm
      
      I have found that using the VMware driver method to update microcode works and persists across restarts. Subsequently running uninstall (which you would expect would just remove the VMware driver) reverts the microcode. A BIOS update would still be my preferred, permanent, method as the microcode update using the VMware driver is a workaround (e.g. what happens if/when you rebuild your PC or upgrade Windows 10?). Problem is, OEMs are taking ages to release updated BIOS and no guarantee they ever will for older products.
    • I didn't uninstall VMWare driver. I tried InSpectre. It says that system isn't vulnerable to Spectre (all green, hardware update is present, etc), but button shows "Enable Spectre Protection" like it hasn't been enabled (clicking on button changes it's state but it's back after I run InSpectre again). For Meltdown there is "Disable Meltdown Protection" which means it's enabled.
      
      Speculation control script still shows that Spectre protection isn't enabled.
  • zip is empty again?
    3 Posts | Last post January 19, 2018
    • zip is empty again?
    • yes, i got a empty .zip file, too...
    • This is a shortened link to the zip file (not a copy/mirror) - it might help?
      http://bit.ly/2DkC3vZ
  • Get-Help declares version as 1.3
    1 Posts | Last post January 19, 2018
    • ... yet it's defined as 1.0.4 here
      
  • zip-file is corrupted
    1 Posts | Last post January 18, 2018
    • zip-file is corrupted
  • zip is empty again?
    1 Posts | Last post January 18, 2018
  • ZIP is empty after download
    3 Posts | Last post January 17, 2018
    • the SpeculationControl.zip is empty after downloading it !
    • Same issue here. Tested on different browsers and different machines.
    • You can download the script now
  • 0 byte download
    2 Posts | Last post January 14, 2018
    • The file contains nothing. I tried downloading via 2 different connections on 2 different laptops, one Win 7 one Win 10.
    • You can import the this PS module directly to your laptop by below 4 PowerShell commands in Administrator mode.
      
      I ran this for first time in windows 10 and it worked for me. You can give it a try
      
      PS C:\install\SpeculationControl> Import-Module PackageManagement
      PS C:\install\SpeculationControl> Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
      
      Name                           Version          Source                         Summary
      ----                           -------          ------                         -------
      nuget                          2.8.5.208        https://oneget.org/nuget-2.... NuGet provider for the OneGet meta-package manager
      PS C:\install\SpeculationControl> Save-Module -Name SpeculationControl -Path C:\Install\SpeculationControl
      PS C:\install\SpeculationControl> Install-Module -Name SpeculationControl
      Untrusted repository
      You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from 'PSGallery'?
      [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): A
      
21 - 30 of 63 Items