Odpověď na názor

PS C:\Windows\system32> Install-Module SpeculationControl

PS C:\Windows\system32> Get-SpeculationControlSettings
Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID optimization is enabled: False

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
* Follow the guidance for enabling Windows support for speculation control mitigations are described in https://support.microsoft.com/help/4072698



Toto je výsledek na Nehalemu - výrobce motherboardu zjevně musí dodat nový microcode update / nový BIOS, což se zatím nestalo. Na AMD Turion II je situace stejná, pouze s rozdílem, že pro CVE-2017-5754 je výsledek "Hardware requires kernel VA shadowing: False"


Microsoft umožňuje vypnout zabezpečení pomocí klíčů v registru:
https://support.microsoft.com/en-sg/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution