Windows Speculative Execution Vulnerabilities - CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620, CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11135
search cancel

Windows Speculative Execution Vulnerabilities - CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620, CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11135

book

Article ID: 234835

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

We found the following security vulnerability on our UIM Servers.  This is not related to UIM, but we want to know if it will be safe to mitigate the vulnerabilities as per the suggestions given without impacting UIM.

###### Windows Speculative Execution Configuration Check Medium x.x.x.x TCP 445 Plugin Output: Current Settings:
  - SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
    FeatureSettingsOverrideMask: Not Set
  - SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
    FeatureSettingsOverride: Not Set

-----------------------------------

Recommended Settings 1:
  - SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
    FeatureSettingsOverrideMask: 0x00000003 (3)
  - SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
    FeatureSettingsOverride: 0x00000048 (72)
  CVEs Covered:
    CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
    CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
    CVE-2018-12130, CVE-2019-11135
  Note: Hyper-Threading enabled.

-----------------------------------

Recommended Settings 2:
  - SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
    FeatureSettingsOverrideMask: 0x00000003 (3)
  - SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
    FeatureSettingsOverride: 0x00002048 (8264)
  CVEs Covered:
    CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
    CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
    CVE-2018-12130, CVE-2019-11135
  Note: Hyper-Threading disabled.		 The remote host has not properly mitigated a series of speculative execution vulnerabilities. Jan 14, 2022 20:27:39 UTC Feb 6, 2022 20:35:13 UTC The remote host has not properly mitigated a series of known speculative execution vulnerabilities. It, therefore, may be affected by :
  - Branch Target Injection (BTI) (CVE-2017-5715)
  - Bounds Check Bypass (BCB) (CVE-2017-5753)
  - Rogue Data Cache Load (RDCL) (CVE-2017-5754)
  - Rogue System Register Read (RSRE) (CVE-2018-3640)
  - Speculative Store Bypass (SSB) (CVE-2018-3639)
  - L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)
  - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
  - Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
  - Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
  - Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
  - TSX Asynchronous Abort (TAA) (CVE-2019-11135)		 Apply vendor recommended settings. http://www.nessus.org/u?8902cebb
http://www.nessus.org/u?6a005ed4

 

Environment

Release : 20.4

 

Resolution

There is no impact to UIM.  Feel free to apply the mitigations.

Powered by Wolken Software