Manage Meltdown and Spectre Vulnerabilities on Windows 10

The defects named Meltdown and Spectre affect Windows 10 systems running on both Intel and AMD processors. Shared resource environments, such as virtual machines and containers running in cloud environments, are the most vulnerable to these exploits as one virtual machine could improperly access information from another.

However, if you are just using Windows 10 on a standalone PC, the threat of a Meltdown or Spectre attack is limited.

Here is how to manage the Meltdown and Spectre patches on your Windows 10 PC:

Install SpeculationControl Module

In January 2018, Microsoft released a PowerShell script to check if your PC is vulnerable to Meltdown and Spectre.
  1. Press Win+S and search for PowerShell. Right-click and select Run as administrator

  2. Run PowerShell as Administrator
  3. Check the current ExecutionPolicy to make sure PowerShell will allow you to run scripts

    • Type Get-ExecutionPolicy and press Enter
    • If it says "Restricted", then type Set-ExecutionPolicy RemoteSigned and press Enter
    • PowerShell will ask for confirmation of the change. Type Y and press Enter
Set-ExecutionPolicy RemoteSigned
  1. Type Install-Module SpeculationControl and press Enter

    • If a message says "NuGet provider is required to continue" type Y and press Enter
    • Also type Y and press Enter for installing from an untrusted repository
Install-Module SpeculationControl
  1. Type Import-Module SpeculationControl and press Enter

  2. Finally type Get-SpeculationControlSettings and press Enter

Vulnerabilities Summary

The following table addresses the Meltdown and Spectre vulnerabilities and which processors are affected by them:

CVE Vulnerability Name Variant Affected Processors
CVE-2017-5753 Bounds check bypass Spectre Variant 1 AMD Intel
CVE-2017-5715 Branch target injection Spectre Variant 2 AMD Intel
CVE-2017-5754 Rogue data cache load Meltdown Variant 3 Intel
CVE-2018-3639 Speculative store bypass Spectre Variant 4 AMD Intel
CVE-2018-3620 L1 Terminal Fault Foreshadow Intel

Disabling Mitigations

The mitigations for Meltdown and Spectre can cause real performance hits to Windows 10. Currently, it is only possible to disable Spectre Variant 2 mitigations with a modification to the Windows 10 registry and a reboot.

WARNING: Disabling mitigations makes your system less secure and more vulnerable to attack

Disable Spectre Variant 2 Mitigations

  1. Press Win+S and search for Command Prompt. Right-click and select Run as administrator

  2. Execute the following commands:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
  1. Reboot for the registry settings to take effect