How to test MS meltdown spectre patches work

How do we verify the patches effectively mitigate?
sunhux Asked:

btan (Exec Consultant) Commented:
At best you can verify the kernel or OS fixes are in place (vendor may add more than capability to address beyond the exploit). Nonetheless, there is still microcode for the processor that will require an onsite check.
Run the PowerShell as also shared by the experts (and also in the advisory). It is a bit hard to read the findings, but as long as you see "true", it means that protection is available while "false" means that it is not. But do check on your AV to be patched as well.
https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true

For microcodes, I see only an Intel release for Linux so far. You should also check out the browser's latest update too and hardening to reduce the exposure on top of the OS. Same applies for VMware and Citrix, especially when you are a VM or VDI environment.

This list of advisories can be handy https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/
1
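
One way to read the script's findings per mitigation instead of by eye, added here as an example and not taken from the thread or from Microsoft's script. The helper name `Get-MitigationVerdict` and the sample object are constructed; the property names are assumed to match the original release of the SpeculationControl module from the advisory.

```powershell
# Added example. Property names are those returned by Get-SpeculationControlSettings
# in the original release of the SpeculationControl module; later releases add more.
function Get-MitigationVerdict {          # hypothetical helper name
    param([Parameter(Mandatory)] $Settings)

    # Spectre variant 2 (branch target injection): needs microcode AND OS support.
    $bti = if (-not $Settings.BTIHardwarePresent) {
        'FAIL: CPU microcode/firmware update missing'
    } elseif (-not $Settings.BTIWindowsSupportPresent) {
        'FAIL: Windows update missing'
    } elseif ($Settings.BTIDisabledBySystemPolicy) {
        'FAIL: mitigation disabled by system policy'   # here True is the bad value
    } elseif (-not $Settings.BTIWindowsSupportEnabled) {
        'FAIL: support present but not enabled'
    } else { 'OK' }

    # Meltdown (kernel VA shadow): only needed when the CPU is affected.
    $kva = if (-not $Settings.KVAShadowRequired) {
        'OK: not required on this CPU'
    } elseif (-not $Settings.KVAShadowWindowsSupportPresent) {
        'FAIL: Windows update missing'
    } elseif (-not $Settings.KVAShadowWindowsSupportEnabled) {
        'FAIL: support present but not enabled'
    } else { 'OK' }

    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        BranchTargetInjection = $bti
        KernelVAShadow        = $kva
        Compliant             = ($bti -like 'OK*') -and ($kva -like 'OK*')
    }
}

# Constructed sample: OS patched, microcode not yet updated.
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
    BTIDisabledBySystemPolicy      = $false
    BTIDisabledByNoHardwareSupport = $true
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true
    KVAShadowPcidEnabled           = $true
}
Get-MitigationVerdict -Settings $sample

# On a live host with the module installed:
#   Get-MitigationVerdict -Settings (Get-SpeculationControlSettings)
```

The verdict records that each mitigation is present and enabled on the host, which is the state that can be compared before and after patching; it does not exercise the mitigation itself.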
 
Hello There (System Administrator) Commented:
There is an MS script that tests if your device has all patches implemented. HERE.
1
 
John (Business Consultant (Owner)) Commented:
You can test if the patch is installed per the above link.

You cannot test that the patch performs correctly. We can only hope that Microsoft (and other) coders did their job correctly.
0
 
Ashok Dewan (Freelancer) Commented:
You can download the tool below to check if the PC is vulnerable or not.

https://www.ashampoo.com/en/usd/pin/1304/security-software/spectre-meltdown-cpu-checker
1
 
ste5an (Senior Developer) Commented:
By running the according PoCs before and after installing these patches.
0
 
sunhux (Author) Commented:
It's our ATM machines vendor who told us that they only apply the MS patches but we have to certify the patches work on those 'highly customized Windows' that run on the ATMs.

Come to think of what John said: we have to trust that MS and the principals that release the patches have tested & certified them. Dawned upon me that if we were to certify/test the patches work, then every single patch (for other vendors' products including UNIXes, DB, network etc.) had to be "re-certified" by us, simply because we don't trust the principals??
0
 
John (Business Consultant (Owner)) Commented:
You need to ask the ATM vendor how to do certification testing as that would be quite complicated.
0
 
btan (Exec Consultant) Commented:
MS is for the general mass using the OS build. For the customized version, it should be from the ATM vendor and agree with John that there is a set of security testing to validate patches and version log of the release. Unlikely it is just a simple patch per se. The lab test report would have covered the test set that you should verify again and set observation period to ascertain any impact to system and services.
0
Question has a verified solution.
