none
Spectre and Meltdown update registry key not set on client, protected or not?

    Question

  • Hello,

    I have a question about the Spectre and Meltdown update and the registry key that must be set for activating the update against spectre variant 2. After a little research I read on the Microsoft site, that you only must set the registry key on the server and not on the clients because the update on a client OS will set the registy key automatically. But when I check this on the clients, then is see that the registry key is not set. So can any one tell me if the clients without the registry key are protected against the spectre variant 2? Or is it necessary to set the registry key manual on the clients, so the clients are protected? 

    Regards,

    Dave


     

     


    Tuesday, June 19, 2018 9:12 AM

All replies

  • Hello Dave,

    Please refer to the following KB article for more details about protecting against this vulnerabilities.

    https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, June 20, 2018 2:06 AM
  • Thank you for the answer but it is not really what I'am looking for because when I check with "Verifying that protections are enabled" on our clients, then I get this output:

    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False

    And also when I check manually if the registry key is set, then I do not see the registry key. So must I set the registry key on the clients, to be protected against Spectre variant 2?

    Regards,

    Dave

    Tuesday, June 26, 2018 7:01 AM