January 2018 saw the rise of the Meltdown and Spectre vulnerabilities, which concern speculative execution side channels. A subclass of speculative execution side-channel vulnerability, termed Speculative Store Bypass (SSB), was announced by Microsoft in collaboration with Google researchers and was assigned CVE-2018-3639. While Microsoft released several updates to fix this vulnerability, some additional measures have to be followed in order to mitigate it fully. This article describes those steps, which involve updating a few registry settings so that the system is fully protected from this vulnerability.


Affected OS: All supported versions of Microsoft Windows


Solution:

1. Install the patches recommended in the Microsoft advisory for CVE-2018-3639.

2. Create the registry entries as described below:

For processors other than ARM or AMD:

For Windows Clients (Windows 7, Windows 8.1 and Windows 10):

  1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
  2. In Registry Editor, locate the following registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  3. Right-click on Memory Management, point to New, and then click DWORD (32-bit) Value.
  4. Type FeatureSettingsOverride as the name of the newly-created DWORD and then press Enter.
  5. Double-click the DWORD FeatureSettingsOverride and change the value data field to 8.
  6. Right-click on Memory Management, point to New, and then click DWORD (32-bit) Value.
  7. Type FeatureSettingsOverrideMask as the name of the newly-created DWORD and then press Enter.
  8. Double-click FeatureSettingsOverrideMask and change the value data field to 3.


For Windows Servers:

  1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
  2. In Registry Editor, locate the following registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  3. Right-click on Memory Management, point to New, and then click DWORD (32-bit) Value.
  4. Type FeatureSettingsOverride as the name of the newly-created DWORD and then press Enter.
  5. Double-click the DWORD FeatureSettingsOverride and change the value data field to 8.
  6. Right-click on Memory Management, point to New, and then click DWORD (32-bit) Value.
  7. Type FeatureSettingsOverrideMask as the name of the newly-created DWORD and then press Enter.
  8. Double-click FeatureSettingsOverrideMask and change the value data field to 3.
  9. In Registry Editor, locate the following registry path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion and create a key named Virtualization.
  10. Right-click on Virtualization, point to New, and then click on String Value.
  11. Type MinVmVersionForCpuBasedMitigations as the name of the newly-created String Value and then press Enter.
  12. Double-click MinVmVersionForCpuBasedMitigations and change the value data field to 1.0.

For Windows systems with AMD processors:

For Windows Clients (Windows 7, Windows 8.1 and Windows 10):

  1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
  2. In Registry Editor, locate the following registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  3. Right-click on Memory Management, point to New, and then click DWORD (32-bit) Value.
  4. Type FeatureSettingsOverride as the name of the newly-created DWORD and then press Enter.
  5. Double-click the DWORD FeatureSettingsOverride and change the value data field to 72.
  6. Right-click on Memory Management, point to New, and then click DWORD (32-bit) Value.
  7. Type FeatureSettingsOverrideMask as the name of the newly-created DWORD and then press Enter.
  8. Double-click FeatureSettingsOverrideMask and change the value data field to 3.

For Windows Servers:

  1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
  2. In Registry Editor, locate the following registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  3. Right-click on Memory Management, point to New, and then click DWORD (32-bit) Value.
  4. Type FeatureSettingsOverride as the name of the newly-created DWORD and then press Enter.
  5. Double-click the DWORD FeatureSettingsOverride and change the value data field to 72.
  6. Right-click on Memory Management, point to New, and then click DWORD (32-bit) Value.
  7. Type FeatureSettingsOverrideMask as the name of the newly-created DWORD and then press Enter.
  8. Double-click FeatureSettingsOverrideMask and change the value data field to 3.
  9. In Registry Editor, locate the following registry path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion and create a key named Virtualization.
  10. Right-click on Virtualization, point to New, and then click on String Value.
  11. Type MinVmVersionForCpuBasedMitigations as the name of the newly-created String Value and then press Enter.
  12. Double-click MinVmVersionForCpuBasedMitigations and change the value data field to 1.0.

For Windows systems with ARM processors:

For Windows Clients (Windows 7, Windows 8.1 and Windows 10):

  1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
  2. In Registry Editor, locate the following registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  3. Right-click on Memory Management, point to New, and then click DWORD (32-bit) Value.
  4. Type FeatureSettingsOverride as the name of the newly-created DWORD and then press Enter.
  5. Double-click the DWORD FeatureSettingsOverride and change the value data field to 64.
  6. Right-click on Memory Management, point to New, and then click DWORD (32-bit) Value.
  7. Type FeatureSettingsOverrideMask as the name of the newly-created DWORD and then press Enter.
  8. Double-click FeatureSettingsOverrideMask and change the value data field to 3.

For Windows Servers:

  1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
  2. In Registry Editor, locate the following registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  3. Right-click on Memory Management, point to New, and then click DWORD (32-bit) Value.
  4. Type FeatureSettingsOverride as the name of the newly-created DWORD and then press Enter.
  5. Double-click the DWORD FeatureSettingsOverride and change the value data field to 64.
  6. Right-click on Memory Management, point to New, and then click DWORD (32-bit) Value.
  7. Type FeatureSettingsOverrideMask as the name of the newly-created DWORD and then press Enter.
  8. Double-click FeatureSettingsOverrideMask and change the value data field to 3.
  9. In Registry Editor, locate the following registry path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion and create a key named Virtualization.
  10. Right-click on Virtualization, point to New, and then click on String Value.
  11. Type MinVmVersionForCpuBasedMitigations as the name of the newly-created String Value and then press Enter.
  12. Double-click MinVmVersionForCpuBasedMitigations and change the value data field to 1.0.
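
The registry changes above, collected into one PowerShell script as an added example (it is not part of the original article and is not Microsoft's or SecPod's code). It reports the current state by default and writes only when run with -Apply. Detection of the processor family and OS type through Win32_Processor and Win32_OperatingSystem, the -Apply switch and the $wanted table are assumptions of this example; it needs PowerShell 3.0 or later in an elevated session.

```powershell
# Added example: audit (default) or apply (-Apply) the values listed in this article.
param([switch]$Apply)

$mm   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$virt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization'

$cpu = Get-CimInstance Win32_Processor | Select-Object -First 1
$os  = Get-CimInstance Win32_OperatingSystem

# FeatureSettingsOverride per processor family, as given in the article.
# Win32_Processor.Architecture: 5 = ARM, 12 = ARM64.
if ($cpu.Architecture -in 5, 12) {
    $override = 64
} elseif ($cpu.Manufacturer -eq 'AuthenticAMD') {
    $override = 72
} else {
    $override = 8
}

$wanted = @(
    @{ Path = $mm; Name = 'FeatureSettingsOverride';     Type = 'DWord'; Value = $override },
    @{ Path = $mm; Name = 'FeatureSettingsOverrideMask'; Type = 'DWord'; Value = 3 }
)
# ProductType 1 = workstation; 2 and 3 are server roles, which also get
# the Virtualization string value from steps 9-12.
if ($os.ProductType -ne 1) {
    $wanted += @{ Path = $virt; Name = 'MinVmVersionForCpuBasedMitigations'
                  Type = 'String'; Value = '1.0' }
}

foreach ($w in $wanted) {
    # A missing key or value yields $null here and counts as non-compliant.
    $current = (Get-ItemProperty -Path $w.Path -Name $w.Name -ErrorAction SilentlyContinue).($w.Name)
    $ok = ($null -ne $current) -and ("$current" -eq "$($w.Value)")
    if (-not $ok -and $Apply) {
        if (-not (Test-Path $w.Path)) { New-Item -Path $w.Path -Force | Out-Null }
        New-ItemProperty -Path $w.Path -Name $w.Name -PropertyType $w.Type `
            -Value $w.Value -Force | Out-Null
        $current = (Get-ItemProperty -Path $w.Path -Name $w.Name).($w.Name)
        $ok = "$current" -eq "$($w.Value)"
    }
    [pscustomobject]@{ Name = $w.Name; Expected = $w.Value; Current = $current; Compliant = $ok }
}
```

Restart the computer after applying the values so that they take effect.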

Automate Patching with Saner:

Saner can automate the above patching across the organization with ease. Click here to explore patching steps using Saner.


Saner Personal Users:

1. Download Processor_mitigation_fix and unzip it to get Processor_mitigation_fix.exe.
2. Open cmd.exe as ‘Administrator’.
3. Go to the path where “Processor_mitigation_fix.exe” is extracted.
4. Run the command below with the “/S” silent option to fully patch this vulnerability.
C:\>Processor_mitigation_fix.exe /S
These steps will resolve this vulnerability completely. Saner will stop reporting this vulnerability from the next manual or scheduled scan.

Note: If you face any issues, unzip Processor_mitigation_fix_revert and run Processor_mitigation_fix_revert.exe in a manner similar to the one described above.


References:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180012


Article Name: How to fully patch CVE-2018-3639, Speculative Store Bypass Vulnerability
Publisher Name: SecPod Technologies