Built off the open source project Osquery
Description: Looks for machines that are vulnerable to Spectre/Meltdown based on registry setting and the MS patch. If the machines is missing either the registry setting or the MS patch then the machine is vulnerable.
What The Data Shows: There is a single column returned called 'Vulnerable" and if the value of '1' is returned then the machine is vulnerable.
SQL:
SELECT 1 as Vulnerable
FROM registry
WHERE path = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\FeatureSettingsOverride' and data != 0
UNION ALL select distinct 1 as Vulnerable from patches where 'KB4056892' not in (select hotfix_id from patches);
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.