A fellow Security Now listener! For what it's worth, InSpectre was completely wrong on my completely normal test system, and in total conflict with Microsoft's tool
. I see there was a new release this morning (just called "Release #2"), but nothing has changed for me:
- Physical server with fixed BIOS installed
- Windows Server 2016 with January update installed, which contains the fixes
- Windows patches not
actually enabled because on Windows Server, the patches remain disabled by default unless you manually create certain registry values, which I had not done.
- Firmware has been patched -- correct
- OS is aware of Meltdown but not Spectre because it hasn't been patched to handle the latter -- incorrect
- OS not currently providing Meltdown protection because it hasn't been patched or protection has been deliberately disabled -- mostly incorrect
since no protection is the default Server config.
- Registry is configured to enable both protections -- incorrect
- Despite the tool claiming no Meltdown protection is available and that the registry is properly configured (both incorrect), the "Disable Meltdown Protection" button was available, which makes no sense. The "Enable Spectre Protection" button was not.
Microsoft's tool may not report as eloquently, but it at least reports the system state accurately.