Mitigating CVE-2017-5715, CVE-2017-5754 and CVE-2018-3620 using SanerNow


    Overview:

    Microsoft has additional recommendations for effectively patching the following vulnerabilities:

    CVE-2017-5715

    CVE-2017-5754

    CVE-2018-3620 

    Mitigating these vulnerabilities requires the creation of certain Windows Registry entries. This article describes the steps to create these registry settings.

    Affected OS: All Microsoft Windows

    Solution:

    1. Install the patches recommended in the Microsoft advisory, ADV180002

    2. Create the following registry entries:

    Registry Changes:

    a. To enable the fix on Windows systems with processors other than AMD and ARM:

    * Fix for Windows Clients:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    OR:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    * Fix for Windows Server:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

    OR:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

     

    b. To enable the fix on Windows systems with AMD processors:

    * Fix for Windows Clients:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    * Fix for Windows Server:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

     

    c. To enable the fix on Windows systems with ARM processors:

    * Fix for Windows Clients:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 64 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    * Fix for Windows Server:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 64 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

    3. Reboot the system so that the changes take effect. 
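
The following PowerShell check is an added example, not part of the original article or of SanerNow: it reads back the values written by the reg add commands above and compares them with the values the article lists. The function name Test-SpecExecMitigation and its -Cpu and -Server parameters are assumptions made for this example.

```powershell
# Added example: read-only audit of the registry values set in step 2.
# Expected values are copied from the article's reg add commands; the function
# name and its parameters are illustrative assumptions.
function Test-SpecExecMitigation {
    param(
        [ValidateSet('Other', 'AMD', 'ARM')] [string] $Cpu = 'Other',
        [switch] $Server
    )
    $mm   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $virt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization'

    # Accepted FeatureSettingsOverride values per processor family (sections a, b, c).
    $override = @{ Other = @(0, 8); AMD = @(72); ARM = @(64) }

    $checks = @(
        @{ Path = $mm; Name = 'FeatureSettingsOverride';     Accept = $override[$Cpu] }
        @{ Path = $mm; Name = 'FeatureSettingsOverrideMask'; Accept = @(3) }
    )
    if ($Server) {
        # The server variants also set this REG_SZ value.
        $checks += @{ Path = $virt; Name = 'MinVmVersionForCpuBasedMitigations'; Accept = @('1.0') }
    }

    foreach ($c in $checks) {
        # A missing key or value yields $null instead of raising an error.
        $actual = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        [pscustomobject]@{
            Value    = $c.Name
            Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
            Expected = $c.Accept -join ' or '
            Ok       = ($null -ne $actual) -and ($c.Accept -contains $actual)
        }
    }
}

# Example call for an AMD server:
# Test-SpecExecMitigation -Cpu AMD -Server | Format-Table -AutoSize
```

Run it after the reboot in step 3. It only reads the registry, so it does not confirm that the patches from step 1 are installed.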

     

    Mitigation using SanerNow:

    1. Download the attached Processor_mitigation_fix.exe.

    2. Log in to https://saner.secpod.com

    3. Switch to the account/site specific view

    4. Use the EM tool to create an Action

    5. Select the 'software Deployment' feature

    6. Select 'Install' in 'command' and set 'Install method' to 'Using Installation file'

    7. Upload the file Processor_mitigation_fix.exe

    8. Provide 'Command line arguments*' as /S for silent mode installation

    9. Select the Group where you want to apply this change and click 'Create Response'

    Systems need to be rebooted for this change to take effect. A reboot job can also be created using the EM -> Actions -> System option.

    On the next scheduled scan, the vulnerabilities will not be reported.

    How to mitigate the above CVEs using Saner Personal

    1. Download the attached Processor_mitigation_fix.exe.

    2. Open cmd.exe as 'Administrator'

    3. Go to the path where the exe is downloaded

    5. Run it with the /S option:

    $ Processor_mitigation_fix.exe /S

    6. Scan the device

    This should resolve the issue; on the next scheduled scan, Saner will not report these vulnerabilities.

     References:

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018

    https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot
