After installing the available patches/updates to mitigate the Meltdown/Spectre vulnerabilities I searched for a way to verify that protections have been enabled.
To my delight, I found a Powershell script published by Microsoft that covers this requirement pretty nice.
The script is well documented in the article “Understanding Get-SpeculationControlSettings PowerShell script output“.
Nevertheless, I want to show you a quick walk-through with screenshots in this blog post. I executed the script before and after I applied the appropriate VMware patches to test it.
The script is easily accessible:
- open a PowerShell prompt window
- type the following command to install the module:
Install-Module SpeculationControl
*Note: if you get execution errors adjust the Powershell execution policy: Set-ExecutionPolicy Bypass
- to run the SpeculationControl Module use this command:
Get-SpeculationControlSettings
Red text means that there is a need for action:
After applying the appropriate patches (in this example VMware patches ESXi600-201803401-BG and ESXi600-201803402-BG) the red lines changed to green:
In my opinion, a nice possibility to check the protection state of a system in a quick and easy way.