Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr. Microsoft has released a Microsoft signed CAB file here to check and monitor Meltdown Spectre Vulnerabilities. In this post, we will see a video tutorial that explains how to download, Import, and deploy the configuration baseline for Microsoft Security Advisory ADV180002.
I did test the CAB file import process on SCCM CB 1710 production version. But I’m not sure whether this will work for previous version of SCCM (SCCM 2012 R2) environment. It may not work as it has latest OS versions selected as Supported platforms (Server 2016 etc..)
Download the Microsoft signed CAB file here
Subscribe YouTube Channel here
This Compliance Settings configuration baseline is used to confirm whether Windows 10, Windows 7, Server 2008, Server 2012 and Server 2016 have enabled the protections needed to protect against the Meltdown Spectre Vulnerabilities.
Following are the high-level steps
- Download the Microsoft Signed CAB file from TechNet gallery
- Import a configuration Data CAB file to check SCCM managed machines are out of danger or not from Meltdown and Spectre.
- Check Meltdown CI properties. PowerShell script is used to confirm whether the systems are vulnerable or not.
- Check Spectre CI properties. PowerShell script is used to confirm whether the system are vulnerable or not.
- Check and confirm the baseline properties before deploying it to devices.
- Monitor compliance report for Meltdown Spectre Vulnerabilities
- Understanding the performance impact of Spectre and Meltdown mitigation on Windows Systems – here
- Meltdown, Spectre, and the State of Technology – here
- Additional guidance to mitigate speculative execution side-channel vulnerabilities – here