Microsoft publishes new Registry security mitigation for Intel processors (Spectre)
Microsoft publishes new Registry security mitigation for Intel processors (Spectre)
About six years ago, vulnerabilities were discovered that affected most Intel and AMD processors. The vulnerabilities, Spectre and Meltdown, can be exploited to read sensitive data from attacked computer systems.
Intel released an update for one of the Spectre variants, disclosed officially on March 8, 2022. Microsoft implemented mitigations in client and server versions of Windows as a response to this.
These are disabled by default. The main reason for this seems to be potential performance impacts that comes with the implementation.
This guide walks you through the steps of configuring Windows to enable the mitigations and finding out if your processor is affected.
Is your processor affected?
The very first thing you may want to do is check if your processor is on Intel's list of affected CPUs.
- If it is on the list, you may enable the mitigation to protect the system against potential attacks.
- If it is not on the list, you can skip the remainder of the article.
Here is how you find out:
- Open Start > Settings > System > About and check the listed processor.
- Load the following two resource websites: Nist.gov and Intel's Affected Processors website.
Check to see if the installed processor is listed on these websites. You may want to use the browser's search to find the information quickly.
Microsoft's Registry tweak to protect against the vulnerability
If your processor is on the list, you may change the Registry keys to enable the mitigations.
Note: implementation may affect performance. While I cannot recommend not enabling these mitigations, the risk of attacks against home PCs is most of the time neglectable.
Backup: it is highly recommended to back up the system drive before implementing the mitigation. Not with Windows' Backup App, which is useless for the purpose, but with a full backup program like Paragon Backup & Recovery Free.
Here is what you need to do on Windows devices and clients to mitigate CVE-2022-0001:
- Open Start, type CMD, and select Run as administrator. This launches an elevated command prompt window.
- Confirm the UAC prompt by selecting yes.
- Execute the following two commands by pasting them and pressing the Enter-key after each:
- reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x00800000 /f
- reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x00000003 /f
- Restart the computer after both Registry keys have been added.
Tip: you may want to monitor performance to make sure that day-to-day operations are not severely impacted by the mitigation.
Interestingly enough, Microsoft has also revealed how Linux users may mitigate the vulnerability: "Specify spectre_bhi=on on the kernel command line".
Closing Words
While it may be critical for organizations to implement the mitigation, risks of attacks are relatively low for home users.
What about you? Have you implemented Spectre / Meltdown mitigations on your PCs? (via Neowin)
More like this
-
Fix Microsoft account "is already here" error on Windows 11 and 10 devices
Fix Microsoft account "is already here" error on Windows 11 and 10 devicesRead more -
Chrome 121 ships with security updates and new AI tools
Chrome 121 ships with security updates and new AI toolsRead more
-
Microsoft starts rollout of Windows DMA compliance changes in Europe
Microsoft starts rollout of Windows DMA compliance changes in EuropeRead more
-
Enhanced YouTube Experience: Lyrics and Album Art Arrive on Android TV
Enhanced YouTube Experience: Lyrics and Album Art Arrive on Android TVRead more
-
Assassin's Creed Shadows to feature Xbox Cloud Gaming support at launch
Assassin's Creed Shadows to feature Xbox Cloud Gaming support at launchRead more
