Hilbert Hagedoorn:

What a mess this is becoming. Over the weekend Microsoft released an update (in the weekend even) outside of its usual monthly schedule, end-users who experience restart/reboot problems can now disabl... Microsoft releases update to reverse problematic Spectre patch

Been saying this since day one , that this is one huge mess the way this info about these flaws was released into public was bad, and they way the CPU makers MS and everyone else supposed to be fixing and pluging the issue, is being handled is just as bad., they all seem to opt of the option mean the less work Either way this "update" disable something i have installed but not enable cause i need microcode. Like it be said by others, maybe MS just do retpoline, which seems to have no performance hit and will solve everyone problem with update? cause microcode updates arnt the way to go protect everyone, cause of the nature of how there need to be done majority of people will never do it. MS need do pick solution that will protect the most people, there current solution isnt not it.

arg stupid dbl posts

Sergio:

It adds/alters 2 registry keys after executing, yes it is normal, no popups. Go to Regedit > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management > And check "FeatureSettingsOverride" and "FeatureSettingsOverrideMask" there and both should be "1" after KB execute. I tested "FeatureSettingsOverride". Changed it to "0" and executed KB exe. It changed to "1". https://i.imgur.com/5DgPcG7.png https://i.imgur.com/xD8W0cc.png

Thank you for this helpfull reply!

Hi, Microsoft implemented Reptoline for 1809 and later builds and recommeds to enable Spectre v2 warrant mitigation. https://support.microsoft.com/en-gb/help/4494441/windows-10-update-kb4494441 I used recommended settings from this site to disable Spectre v2 warrant mitigation in the past. FeatureSettingsOverride = 0x1 FeatureSettingsOverrideMask = 0x1 Can someone explain the role of FeatureSettingsOverrideMask? FeatureSettingsOverride is pretty straight forward. 01b - Spectre v2 disabled 10b - Meltdown disabled 11b - Both Disabled FeatureSettingsOverrideMask 01b - masking / checking setting Spectre v2 e.g. 01b & 01b ===> What happens here for Meltdown mitigation? Is it disabed due to being masked out by using 0x1 as parameter OR FeatureSettingsOverride override setting is ignored for Meltdown and it uses operating system defaults e.g default ON for client systems. 10b - masking / checking settings Meltdown e.g. 01b & 10b 11b - masking / checking both settings Spectre v2 and Meltdown, 01b & 11b https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot FeatureSettingsOverride represents a bitmap that overrides the default setting and controls which mitigations will be disabled. Bit 0 controls the mitigation that corresponds to CVE-2017-5715. Bit 1 controls the mitigation that corresponds to CVE-2017-5754. The bits are set to 0 to enable the mitigation and to 1 to disable the mitigation. FeatureSettingsOverrideMask represents a bitmap mask that's used together with FeatureSettingsOverride. In this situation, we use the value 3 (represented as 11 in the binary numeral or base-2 numeral system) to indicate the first two bits that correspond to the available mitigations. This registry key is set to 3 both to enable or to disable the mitigations.

It's hard to say how this freaking mask works since if you enable all mitigations, they still use mask 0x3 (11b). And it looks like they re-purposed meaning of set bit for bits 3 and higher in FeatureSettingsOverride registry setting. Now 1b means the mitigation is enabled. What the actual fuck, Microsoft? You can't keep own convention here? To enable mitigations for Microarchitectural Data Sampling (CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) along with Spectre [ CVE-2017-5753 & CVE-2017-5715 ] and Meltdown [ CVE-2017-5754 ] variants, including Speculative Store Bypass Disable (SSBD) [ CVE-2018-3639 ] as well as L1 Terminal Fault (L1TF) [ CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646 ] with Hyper-Threading disabled: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8264 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f I found this app, was shown somewhere on guru3d some time ago. It looks like Meltdown is still enabled with settings FeatureSettingsOverride = 0x1 FeatureSettingsOverrideMask = 0x1 https://www.grc.com/inspectre.htm https://i.postimg.cc/tgcW4Q1R/spectre.png