Meltdown & Spectre QID 91426 We have patched our system with the latest patches required and are now current, and our VM are still flagged for QID 91426 , are we still required to add these registry keys
Hi, the Threat description states how this QID is flagged:
This QID checks for the presence of following Registry key Value and if these registries are missing or values are wrong then this QID is flagged: Reg Key - HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, Value - FeatureSettingsOverride, REG DWORD - "0" Reg Key - HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, Value - FeatureSettingsOverrideMask, REG DWORD - "3"
And you'll also find this in the Results section of your scan results.
So unless those keys are found in the Registry, it'll continue to show up in your results.
Thank you for the response, I have gone through the QID details, what i am trying to understand is, the advisory says apply the patch which we have done, but these registry setting is not added.
Are we required to add these registry setting along with the patch or when we have applied the monthly cumulative security patch for march which includes these patches is sufficient from a treat perspective.
example, system running windows server 2016 has KB4056890 do I still need the registry setting ?
Windows Server 2016
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2
Windows Server 2008 SP2
The Threat description also says:
The Windows registry key settings are missing on the target. Microsoft requires you to apply following Registry Key settings in addition to Windows Patch (KB4056890, KB4056897, KB4056899)
So, yes you'll have to add the keys along with the patch.
Retrieving data ...