One-Stop-Shop for mitigating CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. (Speculative execution side-channel vulnerabilities / Meltdown and Spectre on Windows Platform.)

Most of the Intel - AMD and ARM processors are affected with vulnerabilities which are abusing CPU Data Cache timing to leak information out of misconfigured speculated execution. 

Here is what needs to be done before Windows Security Fix is deployed:

  • Make sure Anti-Virus is compatible with windows patch: 

Refer to:   

Thanks to for sharing the spreadsheet with updated information regarding AV Vendor compatibility. 

If AV is not compatible and the patch is deployed without proper testing, users can face Blue Screen issues. It is advisable to get an official response from AV Vendor.

More Information: 

Registry Tweaks: (Make sure this is checked with AV vendor before executing.)


  • Install appropriate Windows Patch.  (+ Firmware Update is needed to fix the vulnerabilities)

Windows Client OS: 

Windows Server OS: (Registry configuration changes are needed, below link has details) 

MS Advisory: 

This advisory addresses the following vulnerabilities: 

CVE-2017-5753 - Bounds check bypass

CVE-2017-5715 - Branch target injection

CVE-2017-5754 - Rogue data cache load 

Guidance for SQL Server against Speculative execution side-channel vulnerabilities:

  • Install Firmware Update:

Contact appropriate Hardware Vendor to get a firmware update. As mentioned by Microsoft, installing OS patch only is not enough to fix this vulnerability and Firmware update is mandatory.

Enterprises should connect with their Account Managers in order to get proper updated information from the hardware vendor. 

  • Lenovo has released advisory and have mentioned providing updates in next 24 Hours or so: (Updated 1/4- Affected Models + Fix release Date) 

  • Intel advisory is available here: 

  • Deep Dive Technical Analysis: 

  • PowerShell Commands for Protection Verification:

Install-Module SpeculationControl 


More Details: 

Nessus Plugin Details:

Apple is expected to release fix:

There are chances of performance degradation after updates are installed.