SCCM Updated: Speculation Execution Side-Channel Vulnerabilities Configuration Baseline

  • Thread starter Yvette O'Meally
  • Start date

Yvette O'Meally

We have updated the Speculation Execution Side-Channel Vulnerabilities Configuration Baseline. The updated baseline now includes support for verifying the protections for CVE-2018-3639 (Speculative store bypass) in addition to the previously supported CVE-2017-5715 and CVE-2017-5754.

This configuration baseline is used to confirm whether a system has enabled the protections needed for the speculative-execution side-channel vulnerabilities as described in Microsoft Security Advisory ADV180002 and Microsoft Security Advisory ADV 18012. It is based on the functionality in the PowerShell module Get_SpeculationControlSettings. It requires at least PowerShell 3.0.

Read more about mitigating speculative execution side-channel vulnerabilities for Configuration Manager environments

Continue reading...