Microsoft Powershell script to verify Meltdown/Spectre protections

After installing the available patches/updates to mitigate the Meltdown/Spectre vulnerabilities I searched for a way to verify that protections have been enabled.

To my delight, I found a Powershell script published by Microsoft that covers this requirement pretty nice.

The script is well documented in the article “Understanding Get-SpeculationControlSettings PowerShell script output“.

Nevertheless, I want to show you a quick walk-through with screenshots in this blog post. I executed the script before and after I applied the appropriate VMware patches to test it.

The script is easily accessible:

  • open a PowerShell prompt window
  • type the following command to install the module:

Install-Module SpeculationControl

*Note: if you get execution errors adjust the Powershell execution policy: Set-ExecutionPolicy Bypass

  • to run the SpeculationControl Module use this command:

Get-SpeculationControlSettings

Red text means that there is a need for action:

Speculationcontrolsetting verify meltdown spectre

After applying the appropriate patches (in this example VMware patches ESXi600-201803401-BG and ESXi600-201803402-BG) the red lines changed to green:

Speculationcontrolsettings verify meltdown spectre

In my opinion, a nice possibility to check the protection state of a system in a quick and easy way.

Leave a Comment

Your email address will not be published. Required fields are marked *