How to Find Out If Windows PC Affected by Meltdown and Spectre Vulnerabilities
Before we explain how to detect the two bugs on your own system, let’s take a moment to fully understand what the two vulnerabilities are and how they work.
The CPU flaw allows a would-be hacker to expose almost any data that a computer processes. That includes passwords, encrypted messages, personal information, and anything else you can think of.
Meltdown only affects Intel processors. Worryingly, the bug has been present since 2011. It uses part of the out-of-order execution (OOOE) process to change the cache state of a CPU. It can then dump the contents of the memory when it usually would be inaccessible.
Spectre can attack Intel, AMD, and ARM processors, and can thus also affect phones, tablets, and smart devices. It uses a processor’s speculative execution and branch prediction in conjunction with cache attacks to trick apps into revealing information that should be hidden within the protected memory area.
Spectre attacks need to be customized on a machine-by-machine basis, meaning they are harder to execute. However, because it’s based on an established practice in the industry, it’s also harder to fix.
Microsoft has made available a PowerShell script that will quickly tell you whether your PC is protected or not. Running it will require the Powershell, but the process is easy to follow.
If you’re using Windows 7, you will first need to download the Windows Management Framework 5.0 software, which will install a newer version of PowerShell on your system. The script below won’t run properly without it. If you’re using Windows 10, you already have the latest version of PowerShell installed.
First, run PowerShell as an administrator: press Windows key + Q or open the Start Menu, type PowerShell, right-click the first result Windows PowerShell, and select Run as administrator.
1. Type the following command into the PowerShell prompt and press Enter key to install the script on your system.
2. If you’re prompted to install the NuGet provider, type “y” and press Enter. You may also have to type “y” again and press Enter key to trust the software repository.
3. Execute following commands one at a time.
4. Type “y” and press Enter key when you’re asked to confirm.
5. Then, to actually run the script, execute the following commands one at a time:
The screenshot above, the command tells me that I have the Windows patch, but not the UEFI/BIOS update.
To fully protect against Meltdown and Spectre, you’ll need to install a UEFI or BIOS update from your PC’s manufacturer as well as the various software patches. These UEFI updates contain new Intel or AMD processor microcode that adds additional protection against these attacks. Unfortunately, they aren’t distributed via Windows Update—unless you’re using a Microsoft Surface device—so they must be downloaded from your manufacturer’s website and installed manually.
If “Windows OS support for branch target injection mitigation is present” is false, that means your PC hasn’t yet installed the operating system update that protects against these attacks.
Install all important Windows updates, if no updates are found, your antivirus software may be causing the problem, as Windows won’t install it if your antivirus software isn’t yet compatible. Contact your antivirus software provider and ask for more information about when their software will be compatible with the Meltdown and Spectre patch in Windows. This spreadsheet shows which antivirus software has been updated for compatibility with the patch.
You also need to install latest versions of your web browsers. If you use Microsoft Edge or Internet Explorer, the patch is included in the Windows Update. For Google Chrome and Mozilla Firefox, you’ll need to ensure you have the latest version—these browsers automatically update themselves unless you’ve gone out of your way to change that, so most users won’t have to do much.
Patches are now available to protect against Meltdown and Spectre on a wide variety of devices
The CPU flaw allows a would-be hacker to expose almost any data that a computer processes. That includes passwords, encrypted messages, personal information, and anything else you can think of.
Meltdown only affects Intel processors. Worryingly, the bug has been present since 2011. It uses part of the out-of-order execution (OOOE) process to change the cache state of a CPU. It can then dump the contents of the memory when it usually would be inaccessible.
Spectre can attack Intel, AMD, and ARM processors, and can thus also affect phones, tablets, and smart devices. It uses a processor’s speculative execution and branch prediction in conjunction with cache attacks to trick apps into revealing information that should be hidden within the protected memory area.
Spectre attacks need to be customized on a machine-by-machine basis, meaning they are harder to execute. However, because it’s based on an established practice in the industry, it’s also harder to fix.
Microsoft has made available a PowerShell script that will quickly tell you whether your PC is protected or not. Running it will require the Powershell, but the process is easy to follow.
If you’re using Windows 7, you will first need to download the Windows Management Framework 5.0 software, which will install a newer version of PowerShell on your system. The script below won’t run properly without it. If you’re using Windows 10, you already have the latest version of PowerShell installed.
First, run PowerShell as an administrator: press Windows key + Q or open the Start Menu, type PowerShell, right-click the first result Windows PowerShell, and select Run as administrator.
1. Type the following command into the PowerShell prompt and press Enter key to install the script on your system.
Code:
Install-Module SpeculationControl2. If you’re prompted to install the NuGet provider, type “y” and press Enter. You may also have to type “y” again and press Enter key to trust the software repository.
3. Execute following commands one at a time.
Code:
$SaveExecutionPolicy = Get-ExecutionPolicyCode:
Set-ExecutionPolicy RemoteSigned -Scope Currentuser4. Type “y” and press Enter key when you’re asked to confirm.
5. Then, to actually run the script, execute the following commands one at a time:
Code:
Import-Module SpeculationControlCode:
Get-SpeculationControlSettingsThe screenshot above, the command tells me that I have the Windows patch, but not the UEFI/BIOS update.
To fully protect against Meltdown and Spectre, you’ll need to install a UEFI or BIOS update from your PC’s manufacturer as well as the various software patches. These UEFI updates contain new Intel or AMD processor microcode that adds additional protection against these attacks. Unfortunately, they aren’t distributed via Windows Update—unless you’re using a Microsoft Surface device—so they must be downloaded from your manufacturer’s website and installed manually.
If “Windows OS support for branch target injection mitigation is present” is false, that means your PC hasn’t yet installed the operating system update that protects against these attacks.
Install all important Windows updates, if no updates are found, your antivirus software may be causing the problem, as Windows won’t install it if your antivirus software isn’t yet compatible. Contact your antivirus software provider and ask for more information about when their software will be compatible with the Meltdown and Spectre patch in Windows. This spreadsheet shows which antivirus software has been updated for compatibility with the patch.
You also need to install latest versions of your web browsers. If you use Microsoft Edge or Internet Explorer, the patch is included in the Windows Update. For Google Chrome and Mozilla Firefox, you’ll need to ensure you have the latest version—these browsers automatically update themselves unless you’ve gone out of your way to change that, so most users won’t have to do much.
Patches are now available to protect against Meltdown and Spectre on a wide variety of devices