[SOLVED] Intel CPU new vulnerabilities. Help.

D

Deleted member 2316159

Guest
Hi, i have an i5-9600k and an ASUS Maximus Hero XI WiFi mobo and i'm aware of the latest vulnerabilities of intel cpu's. I updated the ME, i installed the last cumulative update for windows and i'm waiting for the microcode update (BIOS). Here's how's my system right now. If i update the bios when its released, will i be fine? Or do i have another vulnerabilities? If so, can you tell me how to patch them? Thanks.

Here's the powershell check:

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: False

Speculation control settings for CVE-2018-3639 [speculative store bypass]

Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: True

Speculation control settings for CVE-2018-3620 [L1 terminal fault]

Hardware is vulnerable to L1 terminal fault: False

Speculation control settings for MDS [microarchitectural data sampling]

Windows OS support for MDS mitigation is present: True
Hardware is vulnerable to MDS: True
Windows OS support for MDS mitigation is enabled: False

BTIHardwarePresent : True
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : True
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
BTIKernelRetpolineEnabled : False
BTIKernelImportOptimizationEnabled : False
KVAShadowRequired : False
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : False
KVAShadowPcidEnabled : False
SSBDWindowsSupportPresent : True
SSBDHardwareVulnerable : True
SSBDHardwarePresent : True
SSBDWindowsSupportEnabledSystemWide : True
L1TFHardwareVulnerable : False
L1TFWindowsSupportPresent : True
L1TFWindowsSupportEnabled : False
L1TFInvalidPteBit : 0
L1DFlushSupported : True
MDSWindowsSupportPresent : True
MDSHardwareVulnerable : True
MDSWindowsSupportEnabled : False

And here is a link for the image of MDSTool and the active vulnerabilities.

https://www.techpowerup.com/forums/attachments/untitled-jpg.123292/
 
Last edited by a moderator:
Solution
In reality, if you keep your antivirus up to date and make sure you don't download anything fishy, you will be unlikely to fall victim to one of these vulnerabilities.

I would mainly be worrying about the performance hits from these mitigations.
D

Deleted member 2316159

Guest
In reality, if you keep your antivirus up to date and make sure you don't download anything fishy, you will be unlikely to fall victim to one of these vulnerabilities.

I would mainly be worrying about the performance hits from these mitigations.
Do you know if i am safe for other vulnerabilities (according to my image in the link) except the new mds one?