我有一台联想 ThinkCentre M800,运行 Windows 10 x64,1709。我应用了他们最新的 BIOS 更新,版本为 FWKT86A,然后运行 Get-SpeculationControlSettings(来自 Speculation Control PS 模块,用于确定您的 PC 是否仍处于危险之中),结果显示未受保护。我已确保 PC 完全是最新的,但仍然显示 PC 仍然容易受到 Spectre/Meltdown 的攻击。
有其他人遇到过这种情况吗?BIOS 更新确实可以预防 Spectre/Meltdown 吗?
以下是 Get-SpeculationControlSettings 的结果:
Get-SpeculationControlSettings
Speculation control settings for CVE-2017-5715 [branch target injection]
For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629
Hardware support for branch target injection mitigation is present: False ||
Windows OS support for branch target injection mitigation is present: False||
Windows OS support for branch target injection mitigation is enabled: False
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: False
Windows OS support for kernel VA shadow is enabled: False
Suggested actions
* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
* Install the latest available updates for Windows with support for speculation control mitigations.
* Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119
BTIHardwarePresent : False
BTIWindowsSupportPresent : False
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : False
KVAShadowWindowsSupportEnabled : False
KVAShadowPcidEnabled : False