Mitigating CVE-2017-5715, CVE-2017-5754 and CVE-2018-3620 using SanerNow


    Overview:

    Microsoft has additional recommendations for effectively patching the following vulnerabilities:

    CVE-2017-5715

    CVE-2017-5754

    CVE-2018-3620 

    Mitigation of these vulnerabilities requires the creation of certain Windows Registry entries. This article describes the steps to create these registry settings.

    Affected OS: All Microsoft Windows

    Solution:

    1. Install the patches recommended in the Microsoft advisory ADV180002.

    2. Create the following registry entries:

    Registry changes:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    3. Reboot the system so that the changes take effect. 
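
To confirm that the two registry values from step 2 are present with the expected data, the following PowerShell check can be run on the target system. It is an added example, not part of the original article or of SanerNow; the function name Test-MitigationRegistry is hypothetical, and the expected values are the ones given in the reg add commands above.

```powershell
# Added verification example (not from the original article or SanerNow).
# Expected data comes from the 'reg add' commands in step 2 of this article.
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$Expected = [ordered]@{
    FeatureSettingsOverride     = 0
    FeatureSettingsOverrideMask = 3
}

# Hypothetical helper: returns one result object per expected registry value.
function Test-MitigationRegistry {
    param(
        [string]$KeyPath,
        [System.Collections.IDictionary]$ExpectedValues
    )

    foreach ($name in $ExpectedValues.Keys) {
        # A missing value yields $null instead of a terminating error.
        $item = Get-ItemProperty -Path $KeyPath -Name $name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $item) { $item.$name } else { $null }
        # The article creates the values as REG_DWORD, so check the type as well.
        $kind = if ($null -ne $item) { (Get-Item -Path $KeyPath).GetValueKind($name) } else { $null }

        [pscustomobject]@{
            Name      = $name
            Expected  = $ExpectedValues[$name]
            Actual    = $actual
            Kind      = $kind
            Compliant = ($null -ne $item) -and ($kind -eq 'DWord') -and
                        ($actual -eq $ExpectedValues[$name])
        }
    }
}

$results = Test-MitigationRegistry -KeyPath $Path -ExpectedValues $Expected
$results | Format-Table -AutoSize

if ($results.Compliant -contains $false) {
    Write-Warning 'One or more registry values are missing or differ from the values in this article.'
} else {
    Write-Output 'Both values match. A reboot is still required before they take effect.'
}
```

The check only reads the registry; it does not tell you whether the system has been rebooted since the values were written.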

     

    Mitigation using SanerNow,

    1. Download the attached L1TF_variant.exe.

    2. Log in to https://saner.secpod.com

    3. Switch to the account/site specific view

    4. Use the EM tool to create an Action

    5. Select 'software Deployment' feature

    6. Select 'Install' in the 'command' and select 'Install method' as 'Using Installation file'

    7. Upload the file L1TF_variant.exe

    8. Provide 'Command line arguments*' as /S for silent mode installation

    9. Select the Group where you want to apply this change and click 'Create Response'


    Systems need to be rebooted for this change to take effect. A reboot job can also be created using the EM -> Actions -> System option.

    On the next scheduled scan, vulnerabilities will not be reported. 

    How to mitigate the above CVEs using Saner Personal

    1. Download the attached L1TF_variant.exe.

    2. Open cmd.exe as 'Administrator'

    3. Go to the path where the exe was downloaded

    5. Run it with the /S option:

    L1TF_variant.exe /S

    6. Scan the device

    This should resolve the issue and as part of the next scheduled scan, Saner will not report these vulnerabilities.

     References:

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018

     

     
