New: Microsoft Speculation Control Validation PowerShell Script 1.0.4

Microsoft Speculation Control Validation PowerShell Script 1.0.4
Determine firmware and OS vulnerably to Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 & CVE-2017-5715) exploits

This package includes a WSUS deployable CAB file, complete with deployment and reporting rules.

  • Uninstall existing versions
  • Install the PowerShell module: SpeculationControl
  • Run the validation tool and log the results
    • PowerShell’s execution policy is only modified within the context of this tool
  • Set the exit code based on the assessment:
    • 320 – Not Vulnerable – The firmware and OS are patched
    • 321 – Vulnerable – The firmware and OS are unpatched
    • 322 – Vulnerable – The OS is patched but vulnerable because the firmware is unpatched
    • 323 – Vulnerable – The firmware and OS are patched but the OS is vulnerable because of an OS policy
    • 324 – Vulnerable – The firmware is patched, but the OS is unpatched
    • 325 – Unable to parse the assessment results, please check the log file
  • For simplified reporting, write the exit code to:
    • 64-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MassDeploy\History\Microsoft Speculation Control Validation PowerShell Script 1.0.4 | Last Exit Code
    • 32-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\MassDeploy\History\Microsoft Speculation Control Validation PowerShell Script 1.0.4 | Last Exit Code
  • Display the results, but only when run in interactive mode

Command line arguments
<none> - Minimally interactive install
/u - Unattended install
/s - Silent install
Exit codes
320 - Not Vulnerable - The firmware and OS are patched
321 - Vulnerable - The firmware and OS are unpatched
322 - Vulnerable - The OS is patched but vulnerable because the firmware is unpatched
323 - Vulnerable - The firmware and OS are patched but the OS is vulnerable because of an OS policy
324 - Vulnerable - The firmware is patched, but the OS is unpatched
325 - Unable to parse the assessment results, please check the log file
Common exit codes