BTI_RDCL.EXE displays the status of the mitigations for the vulnerabilities CVE-2017-5715 alias Branch Target Injection and CVE-2017-5754 alias Rogue Data Cache Load, better known by their nicknames Meltdown and Spectre, as well as the mitigations for the vulnerability CVE-2018-3639 alias Speculative Store Bypass, also known as Spectre-NG or Variant 4, CVE-2018-3640 alias Rogue System Register Read, also known as Spectre-NG or Variant 3a, and CVE-2018-3615, CVE-2018-3620 plus CVE-2018-3646 alias L1 Terminal Fault, also known by its nickname Foreshadow.
Note: the status of the mitigations for the vulnerabilities CVE-2017-5753 alias Bounds Check Bypass and CVE-2018-3693 alias Bounds Check Bypass Store can’t be shown: every sequence of machine code which is susceptible to these vulnerabilities needs to be fixed individually!
The MSKB articles 4090007, 4091663, 4091664, 4091666, 4093836, 4100347, 4346084, 4346085, 4346086, 4346087, 4346088 and 4465065 provide information about the microcode updates distributed through the Microsoft Update Catalog.
The posts Mitigating speculative execution side channel hardware vulnerabilities, KVA Shadow: Mitigating Meltdown on Windows, Analysis and mitigation of speculative store bypass (CVE-2018-3639) and Analysis and mitigation of L1 Terminal Fault (L1TF) on Microsoft’s Security Research and Defense Blog give additional information.
BTI_RDCL.EXE displays two message boxes like that shown on the right.
With security update installed, BTI_RDCL.EXE displays two message boxes like those shown below.
BTI_RDCL.EXE is a pure Win32 application, written in ANSI C, built with the
BTI_RDCL.EXE is digitally signed using an X.509 certificate issued by WEB.DE TrustCenter E-Mail Certification Authority.
Download and install the CA and root X.509 certificates of WEB.DE to validate and verify the digital signature.
Note: due to its counter signature alias timestamp the digital signature remains valid past the X.509 certificates' expiration date!
BTI_RDCL.EXE from the source and sign it with your own X.509 certificate.
1. Download the makefile BTI_RDCL.MAK and save it in an arbitrary, preferably empty directory.
2. Download the Meltdown icon and save it as MELTDOWN.ICO in the directory used in step 1.
3. Download the Spectre icon and save it as SPECTRE.ICO in the directory used in step 1.
4. Run the following command line to build BTI_RDCL.EXE:
NMAKE.EXE /R /F BTI_RDCL.MAK
Microsoft (R) Program Maintenance Utility Version 10.00.40219.01
Copyright (C) Microsoft Corporation. All rights reserved.
RC.EXE /DUNICODE /FoBTI_RDCL.RES /L 0 /N /R /V nm2A7.tmp
Microsoft (R) Windows (R) Resource Compiler Version 6.1.7600.16385
Copyright (C) Microsoft Corporation. All rights reserved.
Using codepage 1252 as default
Creating BTI_RDCL.RES
C:\Program Files\Microsoft Visual Studio 10.0\VC\Include\string.h(54) : warning RC4011: identifier truncated to '_CRT_SECURE_CPP_OVERLOAD_STANDA'
C:\Program Files\Microsoft Visual Studio 10.0\VC\Include\string.h(76) : warning RC4011: identifier truncated to '_CRT_SECURE_CPP_OVERLOAD_SECURE'
nm2A7.tmp.
Writing ICON:1, lang:0x0, size 9640
Writing ICON:2, lang:0x0, size 4264
Writing ICON:3, lang:0x0, size 1128
Writing GROUP_ICON:1, lang:0x0, size 48.
Writing ICON:4, lang:0x0, size 9640
Writing ICON:5, lang:0x0, size 4264
Writing ICON:6, lang:0x0, size 1128
Writing GROUP_ICON:2, lang:0x0, size 48.
Writing 24:1, lang:0x0, size 1308.
Writing VERSION:1, lang:0x0, size 1720
CL.EXE /c /FoBTI_RDCL.OBJ /GA /GF /GS- /Gy /nologo /O1 /Os /Tcnm2A8.tmp /W4 /we4013 /Zl
nm2A8.tmp
CL.EXE /c /FoBTI_RDCL.TMP /nologo /Tcnm2A9.tmp /W4 /wd4100 /Zl
nm2A9.tmp
LINK.EXE /LIB /DEF /EXPORT:NtQuerySystemInformation /EXPORT:RtlNtStatusToDosError /NAME:NTDLL /NODEFAULTLIB /NOLOGO /OUT:BTI_RDCL.LIB BTI_RDCL.TMP
Creating library BTI_RDCL.LIB and object BTI_RDCL.exp
CERTUTIL.EXE /DecodeHex /F /V nm2AA.tmp BTI_RDCL.DOS
Input Length = 730
Output Length = 160
CertUtil: -decodehex command completed successfully.
LINK.EXE /LINK /DYNAMICBASE /ENTRY:wWinMainCRTStartup /FIXED:NO /IGNORE:4060 /LARGEADDRESSAWARE /NODEFAULTLIB /NOLOGO /NXCOMPAT /OPT:REF /OSVERSION:5.0 /OUT:BTI_RDCL.EXE /RELEASE /STUB:BTI_RDCL.DOS /SUBSYSTEM:WINDOWS /SWAPRUN:CD,NET /VERSION:1.0 BTI_RDCL.OBJ BTI_RDCL.RES BTI_RDCL.LIB KERNEL32.LIB USER32.LIB
".\BTI_RDCL.EXE"
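The LINK.EXE /LIB step in the build log above exports NtQuerySystemInformation from NTDLL; on Windows that call reports mitigation state through information classes 201 (SystemSpeculationControlInformation) and 196 (SystemKernelVaShadowInformation), each returning a 32-bit flag word. The following C code is an added example, not the source of BTI_RDCL.EXE: it decodes those two flag words into a per-vulnerability verdict. Whether the tool reads exactly these classes, the function and macro names, the simplified decision rules and the sample flag words are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
/* Flag bits of SYSTEM_SPECULATION_CONTROL_INFORMATION (class 201). */
#define BPB_ENABLED        (1u << 0)
#define BPB_OFF_POLICY     (1u << 1)
#define BPB_OFF_NO_HW      (1u << 2)
#define SSBD_AVAILABLE     (1u << 8)
#define SSBD_SUPPORTED     (1u << 9)
#define SSBD_SYSTEM_WIDE   (1u << 10)
#define SSBD_REQUIRED      (1u << 12)
/* Flag bits of SYSTEM_KERNEL_VA_SHADOW_INFORMATION (class 196). */
#define KVA_ENABLED        (1u << 0)
#define KVA_REQUIRED       (1u << 4)
#define KVA_REQUIRED_VALID (1u << 5)
#define KVA_INVALID_PTE(f) (((f) >> 6) & 0x3Fu)
#define L1TF_PRESENT       (1u << 13)
enum status { NOT_NEEDED, MITIGATED, UNMITIGATED };
/* CVE-2017-5715: prediction barrier on and not disabled again. */
enum status bti_status(uint32_t spec) {
    if (spec & (BPB_OFF_POLICY | BPB_OFF_NO_HW)) return UNMITIGATED;
    return (spec & BPB_ENABLED) ? MITIGATED : UNMITIGATED;
}
/* CVE-2018-3639: needs OS support, then CPU support plus activation. */
enum status ssb_status(uint32_t spec) {
    if (!(spec & SSBD_AVAILABLE)) return UNMITIGATED;
    if (!(spec & SSBD_REQUIRED)) return NOT_NEEDED;
    return ((spec & SSBD_SUPPORTED) && (spec & SSBD_SYSTEM_WIDE))
           ? MITIGATED : UNMITIGATED;
}
/* CVE-2017-5754: KVA shadow, unless the kernel says the CPU is immune. */
enum status rdcl_status(uint32_t kva) {
    if ((kva & KVA_REQUIRED_VALID) && !(kva & KVA_REQUIRED)) return NOT_NEEDED;
    return (kva & KVA_ENABLED) ? MITIGATED : UNMITIGATED;
}
/* CVE-2018-3620: assumed active with KVA shadow and a nonzero PTE bit. */
enum status l1tf_status(uint32_t kva) {
    if (rdcl_status(kva) == NOT_NEEDED) return NOT_NEEDED;
    return ((kva & L1TF_PRESENT) && (kva & KVA_ENABLED) && KVA_INVALID_PTE(kva))
           ? MITIGATED : UNMITIGATED;
}

int main(void) {  /* flag words below are constructed sample values */
    static const char *text[] = { "not needed", "mitigated", "NOT mitigated" };
    uint32_t spec = BPB_ENABLED | SSBD_AVAILABLE | SSBD_REQUIRED | SSBD_SUPPORTED;
    uint32_t kva = KVA_ENABLED | KVA_REQUIRED | KVA_REQUIRED_VALID | L1TF_PRESENT | (45u << 6);
    printf("BTI %s, SSB %s, RDCL %s, L1TF %s\n", text[bti_status(spec)],
           text[ssb_status(spec)], text[rdcl_status(kva)], text[l1tf_status(kva)]);
    return 0;
}
```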
Notes: I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your nickname!
Emails in weird formats and without a proper sender name are likely to be discarded.
I abhor top posts and expect inline quotes in replies.
as is without any warranty, neither express nor implied.