So I've got a Lenovo ThinkCentre M800, running Windows 10 x64, 1709. I've applied their latest BIOS Update which is version FWKT86A, and then ran Get-SpeculationControlSettings (From the Speculation Control PS module which determines if your PC is still at risk), and it returns not protected. I've ensured the PC is completely up to date, and I'm still showing that the PC is still vulnerable to Spectre/Meltdown.
Has anyone else ran into this? Does the BIOS update indeed protect against Spectre/Meltdown?
Here are results from Get-SpeculationControlSettings:
Get-SpeculationControlSettings
Speculation control settings for CVE-2017-5715 [branch target injection]
For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629
Hardware support for branch target injection mitigation is present: False ||
Windows OS support for branch target injection mitigation is present: False||
Windows OS support for branch target injection mitigation is enabled: False
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: False
Windows OS support for kernel VA shadow is enabled: False
Suggested actions
* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
* Install the latest available updates for Windows with support for speculation control mitigations.
* Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119
BTIHardwarePresent : False
BTIWindowsSupportPresent : False
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : False
KVAShadowWindowsSupportEnabled : False
KVAShadowPcidEnabled : False
