• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Sign in to follow this  

How to disable Kernel Page Table Isolation (KPTI) after installing KB4056892?

Recommended Posts

Mockingbird    2,711

I have an AMD processor and my computer is not susceptible to the Meltdown attack.

 

How do I turn off Kernel Page Table Isolation (KPTI) after installing KB4056892?

Share this post


Link to post
Share on other sites
eilegz    105

uninstall it

Share this post


Link to post
Share on other sites
DeusProto    982

Microsoft calls it 'Speculative Control'

 

I saw this in the Windows Server 2016 guidance. I have no idea if it works for non-Server:

 

"

To disable the mitigations

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

"

 

I tried debugging ntoskrnl.exe and ntdll.dll to find string references to 'FeatureSettingsOverrideMask' and none were found, so it's probably only in the Server 2016 kernel.

  • Like 2

Share this post


Link to post
Share on other sites
Mockingbird    2,711
6 minutes ago, DeusProto said:

Microsoft calls it 'Speculative Control'

 

I saw this in the Windows Server 2016 guidance. I have no idea if it works for non-Server:

 

"

To disable the mitigations

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /

"

 

I tried debugging ntoskrnl.exe and ntdll.dll to find string references to 'FeatureSettingsOverrideMask' and none were found, so it's probably only in the Server 2016 kernel.

https://support.microsoft.com/en-gb/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

 

Interesting.

 

It looks like you might be able to check if the feature is enabled with the following command in PowerShell (possibly Windows Server 2016/2012 R2 only):

 

 

SpeculationControlSettings

  • Like 1

Share this post


Link to post
Share on other sites
Mockingbird    2,711

SC.png

Share this post


Link to post
Share on other sites
xasx    1

I am on Insider Preview build 17063.

 

I can find the strings in ntoskrnl.exe via Sysinternals' strings:

 

8480872:FeatureSettingsOverride
8480920:FeatureSettingsOverrideMask

 

After adding the respective registry values (setting to 3), the Powershell cmdlet changes its output to:

 

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: False


 

However, build 17063 does not seem to have mitigation for CVE-2017-5715 [branch target injection] - at least not on my system, whether before or after the registry modifications. 

 

And: Why did I do this? I was feeling a significant decrease of performance after installing the Insider build and wanted to test - after I now know why - whether it is resolved by disabling the mitigation. So far, it feels better.

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.