Using PowerShell to Check Remote Windows Systems for CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre)

The Microsoft Security Response Center has released a PowerShell module named SpeculationControl that can be used to check for the CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) vulnerabilities.

The SpeculationControl module can be installed from the PowerShell Gallery with Install-Module, which is part of the PowerShellGet module. PowerShellGet ships natively with PowerShell version 5.0, but can be installed on PowerShell version 3.0 and higher.

Install-Module -Name SpeculationControl -Force

Running Get-SpeculationControlSettings, the one function contained in the SpeculationControl module, is simple enough, although it does require the script execution policy to be set to RemoteSigned or less restrictive.

Get-SpeculationControlSettings

One problem is the function doesn’t have any parameters for running it remotely. In fact, it doesn’t have any parameters whatsoever.

Get-Command -Name Get-SpeculationControlSettings -Syntax

While you could deploy this module to all of your remote systems, that would be a less than desirable solution.

There’s a technique I blogged about back in 2014, “Run a local PowerShell Function against a Remote Computer with PowerShell Remoting”, that can be used here. It runs a function that only exists on your local computer against remote systems, without requiring the function itself to exist on the remote system.

This does, however, require PowerShell remoting to be enabled on the remote system.

Invoke-Command -ComputerName srv1 ${function:Get-SpeculationControlSettings}

When the function is used as shown in the previous example, it doesn’t trigger the module auto-loading functionality that was introduced in PowerShell version 3.0, so if you haven’t already run the command against the local computer, you’ll receive the following error message.

[Screenshot of the error message: spec-control5a.jpg]

To resolve this problem, simply import the SpeculationControl module manually.

Import-Module -Name SpeculationControl

You could also rework their command since it’s a function (not compiled) or write a proxy function to add remoting functionality without having to resort to this technique.
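One way to wrap the technique above so it takes a list of computers, as an added example that is not code from the original post or from Microsoft's module. The function name Get-RemoteSpeculationControlSettings and its parameters are hypothetical; it assumes the SpeculationControl module is installed locally and PowerShell remoting is enabled on the targets.

```powershell
#Requires -Version 3.0
# Added example: hypothetical wrapper, not part of the SpeculationControl module.
function Get-RemoteSpeculationControlSettings {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [string[]]$ComputerName,

        [System.Management.Automation.Credential()]
        [System.Management.Automation.PSCredential]
        $Credential = [System.Management.Automation.PSCredential]::Empty
    )

    begin {
        # ${function:...} does not trigger module auto-loading, so import the
        # module explicitly before reading the function body as a script block.
        Import-Module -Name SpeculationControl -ErrorAction Stop
        $scriptBlock = ${function:Get-SpeculationControlSettings}
        $targets = New-Object 'System.Collections.Generic.List[string]'
    }

    process {
        # Collect pipeline input so every host is queried in one fan-out call.
        $targets.AddRange($ComputerName)
    }

    end {
        $params = @{
            ComputerName  = $targets.ToArray()
            ScriptBlock   = $scriptBlock
            ErrorAction   = 'SilentlyContinue'
            ErrorVariable = 'remoteErrors'
        }
        if ($Credential -ne [System.Management.Automation.PSCredential]::Empty) {
            $params.Credential = $Credential
        }

        # Remoting adds PSComputerName to each result; the wildcards keep the
        # branch target injection (BTI*) and kernel VA shadow (KVA*) properties.
        Invoke-Command @params |
            Select-Object -Property PSComputerName, BTI*, KVA*

        # Report hosts that could not be reached instead of dropping them silently.
        foreach ($err in $remoteErrors) {
            Write-Warning -Message $err.Exception.Message
        }
    }
}
```

Call it as `Get-RemoteSpeculationControlSettings -ComputerName srv1, srv2` or pipe computer names to it; hosts that produce only a warning have no result row and should be treated as unchecked.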

One thing to note is the Get-SpeculationControlSettings function uses the Get-WMIObject cmdlet so it’s not compatible with PowerShell Core.
