Mitigating CVE-2018-3639 using SanerNow


    Overview:

    Microsoft has recommended additional measures for effectively patching the following vulnerability:
    CVE-2018-3639
    Mitigation of this vulnerability requires the creation of certain Windows Registry entries. This article describes the steps to create these registry settings.

     

    Affected OS: 

    All supported Microsoft Windows clients and servers

     

    Solution:

    1. Install the patches recommended in the Microsoft advisory, ADV180012

    2. Create the following registry entries:
    Registry Changes:

    To enable the fix for Windows Clients:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    To enable the fix for Windows Server:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

    3. Reboot the system so that the changes take effect.
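
To confirm the entries were written before and after the reboot, the following PowerShell check compares the registry against the values in the commands above. It is an added example, not part of the SanerNow package or the Microsoft advisory; the function name Test-SsbMitigation is hypothetical, and using Win32_OperatingSystem.ProductType to tell clients from servers is an assumption of this example.

```powershell
# Added example: audits the registry values this article sets for CVE-2018-3639.
# Test-SsbMitigation is an illustrative name, not SanerNow or Microsoft tooling.
function Test-SsbMitigation {
    [CmdletBinding()]
    param()

    $mm   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $virt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization'

    # Expected values, taken from the reg add commands in this article.
    $expected = @(
        @{ Path = $mm; Name = 'FeatureSettingsOverride';     Value = 8 }
        @{ Path = $mm; Name = 'FeatureSettingsOverrideMask'; Value = 3 }
    )

    # Assumption: ProductType 1 = workstation; 2 and 3 = domain controller / server.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    if ($os.ProductType -ne 1) {
        $expected += @{ Path = $virt; Name = 'MinVmVersionForCpuBasedMitigations'; Value = '1.0' }
    }

    foreach ($e in $expected) {
        # A missing key or value is reported as non-compliant rather than throwing.
        $actual = $null
        $item = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $actual = $item.($e.Name) }

        [pscustomobject]@{
            Name      = $e.Name
            Expected  = $e.Value
            Actual    = $actual
            Compliant = ($null -ne $actual) -and ($actual -eq $e.Value)
        }
    }

    # The settings only take effect after a reboot, so report the last boot time
    # for comparison against when the values were written.
    [pscustomobject]@{
        Name      = 'LastBootUpTime'
        Expected  = 'later than the registry change'
        Actual    = $os.LastBootUpTime
        Compliant = $null
    }
}

Test-SsbMitigation | Format-Table -AutoSize
```

Any row with Compliant set to False means the corresponding reg add command has not been applied on that host.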

     

    Automate Patching with SanerNow:

    1. Download the speculative_store_bypass_fix.zip which is attached.

    2. Log in to SanerNow

    3. Switch to the account/site specific view

    4. Use the EM tool to create an Action

    5. Select 'Software Deployment' feature

    6. Select 'Install' in the 'command' and select 'Install method' as 'Using Installation file'

    7. Unzip and upload the file speculative_store_bypass.exe

    8. Provide 'Command line arguments*' as /S for silent mode installation

    9. Select the Group where you want to apply this change and click 'Create Response'

    Please refer to the image below for the patching details described above.

    Systems need to be rebooted for this change to take effect. A reboot job can also be created using the EM -> Actions -> System option.

    On the next scheduled scan, the vulnerability will no longer be reported.

    In case the above changes cause issues, deploy the speculative_store_bypass_fix_revert.exe file in a manner similar to the one shown above.

    References:

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
