It is currently Thu Jun 20, 2019 9:25 am

All times are UTC - 7 hours [ DST ]

Recent News:



Post new topic Reply to topic  [ 1 post ] 
Author Message
PostPosted: Sat Jan 06, 2018 10:42 pm 
Offline
Newbie
Newbie

Joined: Tue Dec 06, 2011 7:30 pm
Posts: 9
Location: North Carolina
Thanks: 0
Thanked: 2 times in 2 posts
I happen to run WHS 2011 on an HP Gen8 Microserver which HPE has published plans to issue a BIOS patch for the subject vulnerability - https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us.

But to complete the fix you need the Microsoft patches to apply also (OS patches + BIOS CPU microcode patches). This is covered by the Windows 2008 R2 security patches we already get with WHS 2011, but will not install automatically if you have not installed any sort of Anti Virus package. I'm not sure why, but Windows Defender on WHS 2011 or Windows Server 2008 R2 will not trigger the pre-requisite registry key addition needed.

The comment to a post from user Bert5485 finally clued me in to the problem here - https://community.spiceworks.com/topic/2102479-microsoft-guidance-to-mitigate-speculative-execution-side-channel-vulnerabilitie. And after manually applying the registry change the security patches came thru Windows Update on WHS 2011 as expected.

The registry change I made manually to get it going is documented here by Microsoft - https://support.microsoft.com/en-us/help/4056897

Do not make this registry change manually if you are running any kind of antivirus package, as it was put there to prevent your server from doing a blue screen of death (BSOD) on boot up due to the security patch mitigation! Adding this registry key manually is just for those servers without any AV installed, or where the AV manufacturer has OK'd doing it.

BTW, the validation script from Microsoft requires PowerShell 5 to run. So if you haven't upgraded WHS 2011 to that, you will need to do that before you can run the Powershell validation of the vulnerability here - https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Hope this helps someone else running into the same problem.


Top
 Profile  
Thanks  
The following user would like to thank drshock for this post
lioninstreet

Attention Guest: Remove this ad by Registering with the MediaSmartServer.net Forums. It's Free!
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC - 7 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group