The VMware Carbon Black Tech Zone is live! Checkout this great resource: Mastering Carbon Black Audit & Remediation.

Spectre/Meltdown Vulnerable Machines

Description: Looks for machines that are vulnerable to Spectre/Meltdown based on registry setting and the MS patch. If the machines is missing either the registry setting or the MS patch then the machine is vulnerable.

What The Data Shows: There is a single column returned called 'Vulnerable" and if the value of '1' is returned then the machine is vulnerable. 

SQL: 

SELECT 1 as Vulnerable
FROM registry
WHERE path = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\FeatureSettingsOverride' and data != 0
UNION ALL select distinct 1 as Vulnerable from patches where 'KB4056892' not in (select hotfix_id from patches);

 

 

Tags (2)
1 Comment
jnelson
Carbon Black Employee
Status changed to: Approved