BTI_RDCL.EXEdisplays the status of the mitigations for the vulnerabilities CVE-2017-5715 alias Branch Target Injection and CVE-2017-5754 alias Rogue Data Cache Load, better known by their nicknames
Spectre, as well as the mitigations for the vulnerability CVE-2018-3639 alias Speculative Store Bypass, also known as
Variant 4, CVE-2018-3640 alias Rogue System Register Read, also known as
Variant 3a, and CVE-2018-3615, CVE-2018-3620 plus CVE-2018-3646 alias L1 Terminal Fault, also known by its nickname
Note: the status of the mitigations for the vulnerabilities CVE-2017-5753 alias Bounds Check Bypass and CVE-2018-3693 alias Bounds Check Bypass Store can’t be shown: every sequence of machine code which is susceptible to these vulnerabilities needs to be fixed individually!
The MSKB articles 4090007, 4091663, 4091664, 4091666, 4093836, 4100347, 4346084, 4346085, 4346086, 4346087, 4346088 and 4465065 provide information about the microcode updates distributed through the Microsoft Update Catalog.
The posts Mitigating speculative execution side channel hardware vulnerabilities, KVA Shadow: Mitigating Meltdown on Windows, Analysis and mitigation of speculative store bypass (CVE-2018-3639) and Analysis and mitigation of L1 Terminal Fault (L1TF) on Microsoft’s Security Research and Defense Blog give additional information.
The article series Deep Dive: Introduction to Speculative Execution Side Channel Methods, Deep Dive: Analyzing Potential Bounds Check Bypass Vulnerabilities, Deep Dive: Intel Analysis of Speculative Behavior of SWAPGS and Segment Registers, Deep Dive: Indirect Branch Restricted Speculation, Deep Dive: Single Thread Indirect Branch Predictors, Deep Dive: Indirect Branch Predictor Barrier, Deep Dive: Retpoline: A Branch Target Injection Mitigation, Deep Dive: Managed Runtime Speculative Execution Side Channel Mitigations, Deep Dive: Intel Analysis of Microarchitectural Data Sampling, Deep Dive: Intel Analysis of L1 Terminal Fault, Deep Dive: Snoop-assisted L1 Data Sampling, Deep Dive: Intel® Transactional Synchronization Extensions (Intel® TSX) Asynchronous Abort, Deep Dive: Load Value Injection, Deep Dive: Special Register Buffer Data Sampling and Deep Dive: CPUID Enumeration and Architectural MSRs, plus More information on SWAPGS and Speculative only Segment Loads, An Optimized Mitigation Approach for Load Value Injection and Refined Speculative Execution Terminology give more details, while Processors Affected: Speculative Behavior of SWAPGS and Segment Registers, Processors Affected: Microarchitectural Data Sampling, Processors Affected: L1 Terminal Fault, Processors Affected: L1D Eviction Sampling, Processors Affected: Vector Register Sampling, Processors Affected: Snoop-assisted L1 Data Samplingm Processors Affected: Load Value Injection and Processors Affected: Special Register Buffer Data Sampling list the affected Intel processors.
BTI_RDCL.EXEdisplays two message boxes like that shown on the right.
With security update installed,
two message boxes like those shown below.
BTI_RDCL.EXEis a pure Win32 application, written in ANSI C, built with the
BTI_RDCL.EXEis digitally signed using an X.509 certificate issued by WEB.DE TrustCenter E-Mail Certification Authority.
Download and install the CA and root X.509 certificates of WEB.DE to validate and verify the digital signature.
-----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEA6ipnm9vAs63w+TM+9UcG1yQ8CRIxMz/tTXry9MCbeHpkiM/qdPaRWlwVTW2j PhC81xwIPZXgE1FE4DgE1eImb33DG2YfEBY/ARpMaGUnme+85WmExWWc/YMUAaHOMYQ3TQDX 0V/7yuhfa9Uc29ljtQ2AB0MjhXTJvGguvZZTI5A3rcN4+AKwmETdYH+8OQKMU2s+2H9CVfaD waX0aj9CeibGNooLTgDchzCBIC5J47qHned/3ZqnMDjYCv3Yc1HNgcbM+ZKzPoD8jShb/ptI wWPo9s00KEs9ti68RsmejqKovAmdLSzFLGARbue2uiqs4piJkxI0LS5+NTTPyZjsSwIDAQAB -----END RSA PUBLIC KEY-----
Note: due to its counter signature alias timestamp the digital signature remains valid past the X.509 certificates expiration date!
BTI_RDCL.EXEfrom the source and sign it with your own X.509 certificate.
and save it in an arbitrary, preferable empty directory.
makefile contains the sources as
and save it as
MELTDOWN.ICO in the directory used in
and save it as
SPECTRE.ICO in the directory used in
Run the following command line to build
NMAKE.EXE /R /F BTI_RDCL.MAKNote: if necessary, see the MSDN article
Use the Microsoft C++ toolset from the command linefor an introduction.
Microsoft (R) Program Maintenance Utility Version 10.00.40219.01 Copyright (C) Microsoft Corporation. All rights reserved. RC.EXE /DUNICODE /FoBTI_RDCL.RES /L 0 /N /R /V nm2A7.tmp Microsoft (R) Windows (R) Resource Compiler Version 6.1.7600.16385 Copyright (C) Microsoft Corporation. All rights reserved. Using codepage 1252 as default Creating BTI_RDCL.RES C:\Program Files\Microsoft Visual Studio 10.0\VC\Include\string.h(54) : warning RC4011: identifier truncated to '_CRT_SECURE_CPP_OVERLOAD_STANDA' C:\Program Files\Microsoft Visual Studio 10.0\VC\Include\string.h(76) : warning RC4011: identifier truncated to '_CRT_SECURE_CPP_OVERLOAD_SECURE' nm2A7.tmp. Writing ICON:1, lang:0x0, size 9640 Writing ICON:2, lang:0x0, size 4264 Writing ICON:3, lang:0x0, size 1128 Writing GROUP_ICON:1, lang:0x0, size 48. Writing ICON:4, lang:0x0, size 9640 Writing ICON:5, lang:0x0, size 4264 Writing ICON:6, lang:0x0, size 1128 Writing GROUP_ICON:2, lang:0x0, size 48. Writing 24:1, lang:0x0, size 1308. Writing VERSION:1, lang:0x0, size 1720 CL.EXE /Brepro /c /FoBTI_RDCL.OBJ /GA /GF /GS- /gw /Gy /nologo /O1 /Os /Tcnm2A8.tmp /W4 /we4013 /Zl nm2A8.tmp CL.EXE /Brepro /c /FoBTI_RDCL.TMP /nologo /Tcnm2A9.tmp /W4 /wd4100 /Zl nm2A9.tmp LINK.EXE /LIB /BREPRO /DEF /EXPORT:NtQuerySystemInformation /EXPORT:RtlNtStatusToDosError /NAME:NTDLL /NODEFAULTLIB /NOLOGO /OUT:BTI_RDCL.LIB BTI_RDCL.TMP Creating library BTI_RDCL.LIB and object BTI_RDCL.exp CERTUTIL.EXE /DecodeHex /F /V nm2AA.tmp BTI_RDCL.DOS Input Length = 730 Output Length = 160 CertUtil: -decodehex command completed successfully. LINK.EXE /LINK /BREPRO /DYNAMICBASE /ENTRY:wWinMainCRTStartup /FIXED:NO /LARGEADDRESSAWARE /NOCOFFGRPINFO /NODEFAULTLIB /NOLOGO /NXCOMPAT /OPT:REF /OSVERSION:5.0 /OUT:BTI_RDCL.EXE /RELEASE /STUB:BTI_RDCL.DOS /SUBSYSTEM:WINDOWS /SWAPRUN:CD,NET /VERSION:1.0 BTI_RDCL.OBJ BTI_RDCL.RES BTI_RDCL.LIB KERNEL32.LIB USER32.LIB ".\BTI_RDCL.EXE"
Use the X.509 certificate to send S/MIME encrypted mail.
Note: email in weird format and without a proper sender name is likely to be discarded!
HTML (and even
weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your nickname.
I abhor top posts and expect inline quotes in replies.
as iswithout any warranty, neither express nor implied.
cookiesin the web browser.
The web service is operated and provided byTelekom Deutschland GmbH
The web service provider stores a
session cookie in the web
browser and records every visit of this web site with the following
data in an access log on their server(s):