Scripts/Vulnerabilities/MeltdownSpectreStatus.ps1
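# Reports the Meltdown/Spectre mitigation state of one computer as a single
# object with the properties CpuIsVulnerable, FixInstalled, FixEnabled,
# AntivUpKeyIsPresent and Status.
#
# Reads from the caller's scope (none of these are defined in this script):
#   $Win32_Processor, $Win32_OperatingSystem, $Win32_QuickFixEngineering,
#   $Protocol, $Computername, and the RegGetValue helper.
#
# NOTE(review): on the Wsman path only information class 201 (speculation
# control, i.e. the branch-target-injection mitigation) is queried. The KVA
# shadow (Meltdown) state is never queried, so Status = "Patched" does not by
# itself confirm that the Meltdown mitigation is active on a CPU reported as
# CpuIsVulnerable.
try {
    $HotfixEnabled = $false
    $HotfixInstalled = $false
    $kvaShadowRequired = $true

    # Multi-socket machines return one instance per socket; the first is used.
    if ($Win32_Processor -is [array]) {
        $Win32_Processor = $Win32_Processor[0]
    }

    $manufacturer = $Win32_Processor.Manufacturer
    if ($manufacturer -eq "AuthenticAMD") {
        $kvaShadowRequired = $false
    }
    elseif ($manufacturer -eq "GenuineIntel") {
        $regex = [regex]'Family (\d+) Model (\d+) Stepping (\d+)'
        # Fix: the original matched against $cpu.Description, but no $cpu is
        # assigned in this script, so the model exemption below could never
        # apply. The processor object in scope is $Win32_Processor.
        $result = $regex.Match($Win32_Processor.Description)
        if ($result.Success) {
            $family = [System.UInt32]$result.Groups[1].Value
            $model = [System.UInt32]$result.Groups[2].Value
            $stepping = [System.UInt32]$result.Groups[3].Value

            # Family 6 models treated as not needing KVA shadow.
            # NOTE(review): these look like in-order Atom parts - confirm.
            $exemptModels = @(0x1c, 0x26, 0x27, 0x36, 0x35)
            if (($family -eq 0x6) -and ($exemptModels -contains $model)) {
                $kvaShadowRequired = $false
            }
        }
    }
    else {
        # Kept as in the original: CpuIsVulnerable carries this message instead
        # of a boolean. A non-empty string is truthy, so such CPUs fall through
        # to "NotPatched" rather than "NotRequired" in the status logic below.
        $kvaShadowRequired = "Unsupported processor $manufacturer"
    }

    # Antivirus compatibility marker: counted as present only when the DWORD
    # exists and equals 0 (a missing value yields $null, which is not -eq 0).
    $AntivirusUpdatedKey = RegGetValue -key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" -Value "cadca5fe-87d3-4b96-b7fb-a231484277cc" -GetValue GetDWORDValue -ErrorAction SilentlyContinue
    $AntivirusUpdatedKeyIsPresent = ($AntivirusUpdatedKey -eq 0)

    $memoryManagementKey = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"
    $FeatureSettingsOverride = RegGetValue -key $memoryManagementKey -Value "FeatureSettingsOverride" -GetValue GetDWORDValue -ErrorAction SilentlyContinue
    $FeatureSettingsOverrideMask = RegGetValue -key $memoryManagementKey -Value "FeatureSettingsOverrideMask" -GetValue GetDWORDValue -ErrorAction SilentlyContinue

    # Only the override values 3 (disabled) and 0 (enabled) are interpreted;
    # any other value leaves FixEnabled at its current value.
    if ($FeatureSettingsOverride -eq 3) {
        $HotfixEnabled = $false
    }
    elseif ($FeatureSettingsOverride -eq 0) {
        $HotfixEnabled = $true
    }

    # With neither override value present the default depends on the OS role:
    # ProductType 1 (workstation) is treated as enabled, anything else
    # (domain controller / server) as disabled.
    $overrideAbsent = ($null -eq $FeatureSettingsOverride) -and ($null -eq $FeatureSettingsOverrideMask)
    if ($overrideAbsent) {
        $HotfixEnabled = ($Win32_OperatingSystem.ProductType -eq 1)
    }

    if ($Protocol -eq "Dcom") {
        Write-Warning "$Computername The information received with the help of Dcom protocol may be incorrect. Use the protocol Wsman to determine MeltdownSpectreStatus"

        # Fixed list of update IDs. A host patched through an update that is
        # not in this list is reported as FixInstalled = $false, which is one
        # reason the warning above recommends Wsman.
        $HotfixArray = @(
            "KB4056892",
            "KB4056891",
            "KB4056890",
            "KB4056888",
            "KB4056893",
            "KB4056894",
            "KB4056897"
        )
        $Kb = $Win32_QuickFixEngineering | Where-Object { $HotfixArray -contains $_.HotFixID }
        $HotfixInstalled = [bool]$Kb
    }
    else {
        $NtQSIDefinition = @'
[DllImport("ntdll.dll")]
public static extern int NtQuerySystemInformation(uint systemInformationClass, IntPtr systemInformation, uint systemInformationLength, IntPtr returnLength);
'@
        $ntdll = Add-Type -MemberDefinition $NtQSIDefinition -Name 'ntdll' -Namespace 'Win32' -PassThru

        [System.IntPtr]$systemInformationPtr = [System.IntPtr]::Zero
        [System.IntPtr]$returnLengthPtr = [System.IntPtr]::Zero
        try {
            $systemInformationPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal(4)
            $returnLengthPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal(4)

            [System.UInt32]$systemInformationClass = 201
            [System.UInt32]$systemInformationLength = 4
            $retval = $ntdll::NtQuerySystemInformation($systemInformationClass, $systemInformationPtr, $systemInformationLength, $returnLengthPtr)

            # A non-zero status leaves FixInstalled = $false: the OS did not
            # answer the speculation-control query.
            if ($retval -eq 0) {
                [System.UInt32]$scfBpbEnabled = 0x01
                [System.UInt32]$scfBpbDisabledSystemPolicy = 0x02
                [System.UInt32]$flags = [System.UInt32][System.Runtime.InteropServices.Marshal]::ReadInt32($systemInformationPtr)

                # NOTE(review): $btiWindowsSupportEnabled is computed but never
                # used. FixEnabled below only means "not disabled by system
                # policy"; it does not prove the mitigation is active (for
                # example when hardware/microcode support is missing).
                $btiWindowsSupportEnabled = (($flags -band $scfBpbEnabled) -ne 0)
                $HotfixEnabled = (($flags -band $scfBpbDisabledSystemPolicy) -eq 0)
                $HotfixInstalled = $true
            }
        }
        finally {
            # Fix: the original never released the two unmanaged buffers, so
            # every run leaked them into the hosting PowerShell process.
            if ($systemInformationPtr -ne [System.IntPtr]::Zero) {
                [System.Runtime.InteropServices.Marshal]::FreeHGlobal($systemInformationPtr)
            }
            if ($returnLengthPtr -ne [System.IntPtr]::Zero) {
                [System.Runtime.InteropServices.Marshal]::FreeHGlobal($returnLengthPtr)
            }
        }

        # Normalise $null / other falsy values to a real boolean.
        if (!$HotfixEnabled) {
            $HotfixEnabled = $false
        }
    }

    $PsObject = New-Object -TypeName Psobject
    $PsObject | Add-Member -MemberType NoteProperty -Name CpuIsVulnerable -Value $kvaShadowRequired
    $PsObject | Add-Member -MemberType NoteProperty -Name FixInstalled -Value $HotfixInstalled
    $PsObject | Add-Member -MemberType NoteProperty -Name FixEnabled -Value $HotfixEnabled
    $PsObject | Add-Member -MemberType NoteProperty -Name AntivUpKeyIsPresent -Value $AntivirusUpdatedKeyIsPresent

    # Installed state is evaluated before the CPU exemption, so an exempt CPU
    # with the fix installed but disabled reports "DisabledBySystemPolicy".
    if ($HotfixInstalled -and $HotfixEnabled) {
        $status = "Patched"
    }
    elseif ($HotfixInstalled -and !$HotfixEnabled) {
        $status = "DisabledBySystemPolicy"
    }
    elseif (!$kvaShadowRequired) {
        $status = "NotRequired"
    }
    else {
        $status = "NotPatched"
    }
    $PsObject | Add-Member -MemberType NoteProperty -Name Status -Value $status
    $PsObject
}
catch {
    Write-Error $_
}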