Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr

Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr. Microsoft has released a Microsoft signed CAB file here to check and monitor Meltdown Spectre Vulnerabilities.

In this post, we will see a video tutorial that explains how to download, Import, and deploy the configuration baseline for Microsoft Security Advisory ADV180002.

Monitor Meltdown Spectre Vulnerabilities with SCCM

I did test the CAB file import process on SCCM CB 1710 production version. But I’m not sure whether this will work for the previous version of the SCCM (SCCM 2012 R2) environment.

It may not work as it has the latest OS versions selected as Supported platforms (Server 2016 etc..)

Patch My PC

Download the Microsoft signed CAB file

Subscribe YouTube Channel

This Compliance Settings configuration baseline is used to confirm whether Windows 10, Windows 7, Server 2008, Server 2012, and Server 2016 have enabled the protections needed to protect against the Meltdown Spectre Vulnerabilities.

Monitor Meltdown Spectre Vulnerabilities with SCCM ConfigMgr
Monitor Meltdown Spectre Vulnerabilities with SCCM

Following are the high-level steps

  1. Download the Microsoft Signed CAB file from the TechNet Gallery
  2. Import a configuration Data CAB file to check SCCM managed machines are out of danger or not from Meltdown and Spectre.
  3. Check Meltdown CI properties. The PowerShell script is used to confirm whether the systems are vulnerable or not.
  4. Check Spectre CI properties. The PowerShell script is used to confirm whether the system is vulnerable or not.
  5. Check and confirm the baseline properties before deploying it to devices.
  6. Monitor compliance report for Meltdown Spectre Vulnerabilities
Monitor Meltdown Spectre Vulnerabilities with SCCM ConfigMgr
Monitor Meltdown Spectre Vulnerabilities with SCCM

Resources

Monitor Meltdown Spectre Vulnerabilities with SCCM

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc……………

5 thoughts on “Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr”

  1. Thanks for the helpful post. I imported the cab into our ConfigMgr 1706 server running Server 2016 and i get the following when i try to open the properties of the Configuration Baseline.

    ConfigMgr Error Object:
    instance of __ExtendedStatus
    {
    Operation = “GetObject”;
    ParameterInfo = “SMS_ConfigurationBaselineInfo.CI_ID=16839780”;
    ProviderName = “WinMgmt”;
    };

    Error Code:
    NotFound

    ——————————-
    Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException
    The SMS Provider reported an error.

    Stack Trace:
    at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Get(ReportProgress progressReport)
    at Microsoft.ConfigurationManagement.AdminConsole.UtilityClass.GetWithStatus(IResultObject selectedResultObject)
    at Microsoft.ConfigurationManagement.AdminConsole.UtilityClass.RefreshForAction(ActionDescription actionItemDescription, IResultObject selectedResultObject)
    at Microsoft.ConfigurationManagement.AdminConsole.SccmTaskHandlerBase.DoTask(IList`1 navigationNodes, NavigationModelNodeTask task)
    at Microsoft.EnterpriseManagement.ConsoleFramework.WindowTaskHandler.WindowTaskOperation.ExecuteTaskJob(Object sender, ConsoleJobEventArgs jobArguments)
    at Microsoft.ConfigurationManagement.AdminConsole.ConsoleJobExceptionHandler.ExecuteJob(IComponent component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)

    ——————————-

    System.Management.ManagementException
    Not found

    Stack Trace:
    at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Get(ReportProgress progressReport)
    at Microsoft.ConfigurationManagement.AdminConsole.UtilityClass.GetWithStatus(IResultObject selectedResultObject)
    at Microsoft.ConfigurationManagement.AdminConsole.UtilityClass.RefreshForAction(ActionDescription actionItemDescription, IResultObject selectedResultObject)
    at Microsoft.ConfigurationManagement.AdminConsole.SccmTaskHandlerBase.DoTask(IList`1 navigationNodes, NavigationModelNodeTask task)
    at Microsoft.EnterpriseManagement.ConsoleFramework.WindowTaskHandler.WindowTaskOperation.ExecuteTaskJob(Object sender, ConsoleJobEventArgs jobArguments)
    at Microsoft.ConfigurationManagement.AdminConsole.ConsoleJobExceptionHandler.ExecuteJob(IComponent component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)

    Reply
    • So if I understand correctly, CAB file is getting imported without any issue. After the import you are not able to open the CI. Is that correct understanding? Have you tried to close the console and reopen it?

      Reply
  2. Yes, the CAB imports and i can work with the CIs, but i can’t open, deploy etc the Configuration Baseline. I also can’t delete it. I’m assuming that it has something to do with WMI because it says it can’t find

    instance of __ExtendedStatus
    {
    Operation = “GetObject”;
    ParameterInfo = “SMS_ConfigurationBaselineInfo.CI_ID=16839780”;
    ProviderName = “WinMgmt”;
    };

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.