windows-server-2008-r2 – 我无法在Windows Server 2008 R2中启
我已经按照详细的
here安装了今天发布的补丁,然后按照提到的方式设置了两个注册表项:
reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerMemory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerMemory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f 但是,当我运行提供的PowerShell模块进行检查时,它会通知我仍然没有启用缓解: PS C:UsersAdministrator> get-speculationcontrolsettings Speculation control settings for CVE-2017-5715 [branch target injection] Hardware support for branch target injection mitigation is present: False Windows OS support for branch target injection mitigation is present: False Windows OS support for branch target injection mitigation is enabled: False Speculation control settings for CVE-2017-5754 [rogue data cache load] Hardware requires kernel VA shadowing: True Windows OS support for kernel VA shadow is present: False Windows OS support for kernel VA shadow is enabled: False Suggested actions * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation. * Install the latest available updates for Windows with support for speculation control mitigations. * Follow the guidance for enabling Windows support for speculation control mitigations are described in https://support.microsoft.com/help/4072698 BTIHardwarePresent : False BTIWindowsSupportPresent : False BTIWindowsSupportEnabled : False BTIDisabledBySystemPolicy : False BTIDisabledByNoHardwareSupport : False KVAShadowRequired : True KVAShadowWindowsSupportPresent : False KVAShadowWindowsSupportEnabled : False KVAShadowPcidEnabled : False 为什么是这样?还有什么我需要做的?我重新启动了服务器,没有任何改进. @保罗于answer年后更新: 我现在已经安装了正确的更新(wally),这是PowerShell cmdlet的输出: PS C:UsersAdministrator> get-speculationcontrolsettings Speculation control settings for CVE-2017-5715 [branch target injection] Hardware support for branch target injection mitigation is present: False Windows OS support for branch target injection mitigation is present: True Windows OS support for branch target injection mitigation is enabled: False Windows OS support for branch target injection mitigation is disabled by system policy: True Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True Speculation control settings for CVE-2017-5754 [rogue data cache load] Hardware requires kernel VA shadowing: True Windows OS support for kernel VA shadow is present: True Windows OS support for kernel VA shadow is enabled: False Suggested actions * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation. * Follow the guidance for enabling Windows support for speculation control mitigations are described in https://support.microsoft.com/help/4072698 BTIHardwarePresent : False BTIWindowsSupportPresent : True BTIWindowsSupportEnabled : False BTIDisabledBySystemPolicy : True BTIDisabledByNoHardwareSupport : True KVAShadowRequired : True KVAShadowWindowsSupportPresent : True KVAShadowWindowsSupportEnabled : False KVAShadowPcidEnabled : False 这是我在微码更新之前可以做的一切吗?
首先上面的输出是说没有安装所需的Windows补丁:
Speculation control settings for CVE-2017-5715 [branch target injection] Windows OS support for branch target injection mitigation is present: False 和 Speculation control settings for CVE-2017-5754 [rogue data cache load] Windows OS support for kernel VA shadow is present: False 你的AV是否会阻止它? – 见here 其次,CVE-2017-5715还需要CPU微代码更新,这意味着当BIOS可用时更新BIOS.英特尔显然已经发布了这些代码,但是由OEM来提供更新的BIOS,并且可能需要一段时间. 您现在所能做的就是安装Windows补丁.一旦安装了正确的补丁,您应该为Meltdown提供保护,但仍需要后续的BIOS更新才能完全覆盖Spectre. 这里是我的(修补)Windows 10系统的输出: Speculation control settings for CVE-2017-5715 [branch target injection] Hardware support for branch target injection mitigation is present: False Windows OS support for branch target injection mitigation is present: True Windows OS support for branch target injection mitigation is enabled: False Windows OS support for branch target injection mitigation is disabled by system policy: False Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True Speculation control settings for CVE-2017-5754 [rogue data cache load] Hardware requires kernel VA shadowing: False 您将注意到,对于CVE-2017-5715,它显示补丁已安装但由于“缺少硬件支持”(即微代码更新)而未启用. 您还会注意到,对于CVE-2017-5754,它只是说它不是必需的 – 这是因为我在AMD CPU上运行. 至于你的旁注,我不能确定没有测试,但如果你仔细观察,为了禁用FeatureSettingsOverride键被设置为3,而不是0,因为启用它所以我假设你需要相同的掩码两者都是FeatureSettingsOverride键的0(启用)或3(禁用). (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
- windows – Delphi:如何知道TEdit何时改变大小?
- user-interface – 使用Winelib移植仅限Windows的GUI工具包
- 使用ffmpeg截取视频第一帧当做背景图
- charles 的安装和手机配置 (我用的win7系统 ,和 iphone8
- 批处理文件 – 从Windows批处理文件中的无效GOTO命令中恢复
- windows-server-2008 – 转发的事件日志
- 有没有办法在Windows资源管理器中查看SVN修订号?
- windows-server-2008 – Win Server 2008 Standard上的Hype
- 在Windows中使用sendmailR
- Odata压缩 – 是否有任何支持? (WinRT的WCF数据服务5.0)
- 在Windows 10上清除和管理TPM (受信任的平台模块
- win10安装ubuntu16.04及后续配置
- 有没有Windows等同于Unix / Linux的声明?
- windows-server-2003 – RAID-1驱动器故障 – 丢
- Windows 查看哪個程序佔用端口號,結束進程。
- 如何以编程方式确定用户帐户是否是Windows中特定
- windows-server-2008-r2 – Windows Server 2008
- cef3:禁止win10高dpi下cef对内部网页进行缩放
- windows-server-2008-r2 – 资源监视器 – 磁盘
- pyshark无法在Windows 7(python)上捕获数据包