Legacy Update: Get back online, activate, and install updates on your legacy Windows PC

This Configuration Manager configuration baseline is used to confirm whether a system has enabled the protections needed to protect against the speculative-execution side-channel vulnerabilities as described in Microsoft Security Advisory ADV180002, Microsoft Security Advisory ADV180012, Microsoft Security Advisory ADV180018 and Microsoft Security Advisory ADV190013. It is based on the functionality in the PowerShell module Get_SpeculationControlSettings. It requires at least PowerShell 3.0.

Files

Status: Live This download is still available on microsoft.com. The downloads below will come directly from the Microsoft Download Center.

Files
License.rtf Size: 47 KB
Speculative Execution Baseline Usage Guide.pdf Size: 150 KB
Speculative Execution Side-Channel Vulnerabilities_2019.08.29.cab Size: 105 KB

File sizes and hashes are retrieved from the Wayback Machine’s indexes. They may not match the latest versions of files hosted on Microsoft servers.

The compliance baseline requires:

• A supported verion of Configuration Manager.
• At least PowerShell 3.0.

1. To import this configuration baseline, download the .cab file and follow the instructions here: https://docs.microsoft.com/mem/configmgr/compliance/deploy-use/import-configuration-data.
2. To deploy the configuration baseline, follow the instructions here: https://docs.microsoft.com/mem/configmgr/compliance/deploy-use/deploy-configuration-baselines. Note: the embedded PowerShell scripts are signed. To deploy signed PowerShell scripts the code signing cert needs to be a trusted publisher. The first four CIs and the last CI are signed with two different certificates. Both certificates need to be trusted.
3. To view the compliance results, follow the instructions here: https://docs.microsoft.com/mem/configmgr/compliance/deploy-use/monitor-compliance-settings.

See the included user guide for further information.