Check Meltdown and Spectre Mitigation Status Using PowerShell

We have already published about an open-source tool called SpecuCheck that can be used to test the Windows system for the mitigation status against the newly revealed vulnerabilities – Meltdown and Spectre. The SpecuCheck tool is very easy to use and works almost effortlessly. But this tool was designed before Microsoft published their own PowerShell  script for the same purpose. Now the SpecuCheck authors are suggesting that Windows users should use the PowerShell script released by Microsoft instead.

In order to use this PowerShell script, you should first upgrade your PowerShell to version 5.0 in Windows 7 SP1 and Windows 8.1. You can download the upgrade (Windows Management Framework 5.0) from  https://www.microsoft.com/en-us/download/details.aspx?id=50395.

After this is done, you can launch PowerShell console from the Start Menu and start giving the following commands:

$SaveExecutionPolicy = Get-ExecutionPolicy   
Set-ExecutionPolicy ByPass -Scope Currentuser 
Install-Module SpeculationControl
Get-SpeculationControlSettings 
Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

Speculation Control PowerShell

The commands you give may require some additional components and scripts to be downloaded. All you have to do is just keep pressing “Y” to proceed. The results shown in green mean that those risks are patched and the ones shown in red means that those parts are still un-patched.

In case anything is returned as False and is in red color, that means you have to download and install patches to protect against those risks exposed by your system. You can just enable the Automatic Updates in Windows to have the appropriate patches delivered or you can visit https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 to find the complete list of patches available for various Windows versions and products.

In addition of installing the updates from Microsoft, you will also have to install some of the updates from the device manufacture for your computer like Lenovo, HP, Sony etc. For this, you should keep a lookout on the websites of these device manufacturers and install the updates whenever they are available.