Search 10,000+ fixes & guides ⌘K Write a guide
News 3 min read

Millions of computers left vulnerable by Meltdown and Spectre exploits

10 minutes Windows 10 In the beginning of January 2018, cyber security researches reported a serious CPU flaw that was initially found in Intel processors. Intel responded to official reports and admitted that the flaw has really been detected, but it’s not exclusive to Intel products only. Cpu flaw in intel chips Further investigations revealed […]

Gabriel E. Hall ·
Cpu flaw in intel chips
0 Comments
10 minutes Windows 10

In the beginning of January 2018, cyber security researches reported a serious CPU flaw that was initially found in Intel processors. Intel responded to official reports and admitted that the flaw has really been detected, but it’s not exclusive to Intel products only.

Cpu flaw in intel chips
Cpu flaw in intel chips

Further investigations revealed two vulnerabilities that affected modern processors, including Intel, Advanced Micro Devices (AMD), and ARM. Dubbed as “Meltdown” and “Spectre,” the security flaws are treated extremely seriously because in case of exploitation, cyber criminals may get access to the memory where personal information, including but not limited to passwords, emails, photos, documents, browser history, etc. is stored.

Both Meltdown and Spectre flaws exploit speculative execution – a specific processor performance when central processing unit (CPU) predicts the actions of the device user and starts executing them beforehand. In case the user changes his mind and opts for another action, speculative execution rolls back. Here’s where Meltdown and Spectre flaws manifest and enable access to the memory that can’t normally be accessed.

Meltdown, aka CVE-2017-5754 and “rogue data cache load,” and Spectre was revealed by a group of scholars most of whom are working in Universities of Technology. The first one has been found in chips manufactured by Intel only and it’s the one that is most likely to be exploited. According to the researchers, “Meltdown enables an adversary to read memory of other processes or virtual machines in the cloud without any permissions or privileges, affecting millions of customers and virtually every user of a personal computer.

While the range of Intel processors affected by Meltdown is vast, actually every processor since 1995 (except Intel Itanium and Intel Atom before 2013), Specter affected nearly every type if device (Intel, AMD, and ARM processors). The latter is also more complicated to exploit and guard against as it uses two exploitation techniques – CVE-2017-5753 and CVE-2017-5715. The exploit seems to be conducted through JavaScript running on the web browser and enables other apps’ access to the privileged memory.

These two major hardware exploits caused commotion among hardware manufacturers. Microsoft has already released a patch to mend a part of the problem on Windows 10. Intel, AMD, and ARM chips’ manufacturers have also started rolling out firmware updates to address the other part of the flaw. According to experts, Linux and Windows kernels has had to be redesigned to immunize the chip-level security bug.

By installing the patch updates, both Meltdown and Spectre should be fully patched. In case the hole is not fixed completely, the vulnerability may be abused by programs and logged-in uses to read the content of the kernel's memory, which means that all sensitive information may get accessible to cyber crooks. 

 

Therefore, to prevent incomplete immunization of the flaw, Microsoft developed a PowerShell script, which checks the status of the device and reports whether it’s still vulnerable. To run the CPU vulnerability check, you have to:

  • Press Windows key and type PowerShell.
  • Right-click on Windows PowerShell entry and select Run as administrator.
  • Copy and paste the Install-Module SpeculationControl command and hit Enter.
  • Now type Y and press Enter to enable NuGet provider.
  • If a prompt asking to confirm the installation occurs, type Y and Enter once again.
  • Once done, copy and paste the following commands and hit Enter after each:

$SaveExecutionPolicy = Get-ExecutionPolicy
Set-ExecutionPolicy RemoteSigned -Scope Currentuser

  • Now press Y and hit Enter.
  • Copy and paste the following commands and hit Enter after each:

Import-Module SpeculationControl
Get-SpeculationControlSettings

That’s it. Your PC is fully protected only if Windows 10 emergency update, required version of the BIOS or UEFI updates are installed. If all the requirements under “branch target injection” and “rogue data cache load” are set to True and highlighted in green, it means that the exploit has been patched.

  • As soon as you check the status of your PC, type Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser command in the PowerShell window and press Enter.
  • Then type Y and hit Enter. This command will roll back the execution policy to the previous state.
Did this fix work for you?
Gabriel E. Hall

Written by

Gabriel E. Hall
Malware Removal Expert
Malware removal Ransomware recovery Browser hijackers Spyware analysis Security tools testing

Gabriel E. Hall is a malware removal expert and cybersecurity researcher with over ten years of hands-on experience analysing threats and writing removal guides. She has documented hundreds of malware families — from browser hijackers and adware to ransomware and rootkits — providing step-by-step cleanup instructions tested against real infections. Gabriel's work combines deep technical analysis with clear, actionable language that readers without a security background can follow. Her guides consistently appear among the most-referenced resources for malware removal on Windows systems.

609 guides published LinkedIn ↗ All articles →
0 Comments

Be the first to comment

Log in to post your comment
Log in to comment

Still worried? Run a free check.

Paste any URL or domain — we'll scan it against 4.2M known threats in 10 seconds.

View full scanner → Add to your website →