AnsweredAssumed Answered

Spectre and Meltdown, QID 91462

Question asked by ds0101 on Nov 27, 2018
Latest reply on Dec 3, 2018 by derekv

Hello,

We need Qualys to do some testing on this QID 91462 and specifically with the FeatureSettingsOverride registry key and FeatureSettingsOverrideMask key. It seems that some patches modify these keys and increment their values which affects the hosts being identified as vulnerable and the QID still present. Below is a message I received from our IT team and the article they referenced. Also note, we run weekly scans at a minimum and in at least four different weekends the QID has been re-discovered when previously it was closed.

 

[quote]

Guys, I see that all of the systems still in the GPO setup for this QID (91462) are not listed as vulnerable in your latest report.
The ones, Servers & Workstations, Not in the GPO have the keys but the FeatureSettingsOverride has been changed to 9 instead of 8.
According with the following article some KBs modify that key and it seem when that happens Qualys is reporting the systems as Vulnerable.
 
In at least four different weekends it seems the install of patches has impacted that key according with the "First Reopened" field from the Qualys report.
Please speak with Qualys to check if their scanner needs to be updated or if we should Enforce permanently having the key set to 8 via GPO

[/quote]

 

 

Can we have someone shed some light on this by doing some testing please?

 

Thank you!

Outcomes