Microsoft PowerShell content for Meltdown and Spectre - UPDATED to 1.0.4

Wow, I had no idea it did that. It would also be great if RED wasn’t one of the colors since it implies a negativity but if what shows up is RED just always the minority, then it can’t actually do that.

CC: @AaronBauer

1 Like

Hint for BF developers. Allow me to set the colors of True, False and error and stop color changing due to a majority change.

Has anyone updated the fixlet/analysis to version 1.0.7 by any chance?

1 Like

I just updated the prefetch; as the rest of the actionscript uses the same name reference, this should work just fine:

prefetch speculationcontrol.nupkg sha1:64b07aa1c182073368218a2930595b6f6c2d7f28 size:23481 https://devopsgallerystorage.blob.core.windows.net/packages/speculationcontrol.1.0.7.nupkg sha256:98cbda6b1ff68c05a1801385dc620e40c4bdfec672d300f597b2b26243ab58c9

Obviously, the analysis may need to be updated to account for the additional information that is output by 1.0.7. As far as I know, 1.0.6 and 1.0.7 don't fix any bugs with current detections, instead just adding more information.

1 Like

This is good feedback about WebReports; this confused me as well.

Sorry about that, I’m working on it.

:+1:

Guys, how can I see the BigFix Meltdown report in a pie-chart style from Web Reports?

You need to run the tool, activate the analysis, then make a report in Web Reports with the data from the analysis.

It is possible to make a Pie Chart from data from any analysis or property.

Ah ok ready!
Thanks!

1 Like

This doesn’t seem to be the case as far as I can tell. There is extra info, but it only affects the Raw results.

Newest version is published: content/fixlets/Run Microsoft Meltdown and Spectre Detection Tool - Windows.bes at master · bigfix/content · GitHub

Other than the prefetch, the only other change that is required is updating the hard coded version number that is echo’d into the results so that the analysis reports on which version was used: echo 'RanWithSpeculationControlVersion=1.0.7'

2 Likes

Three versions have been released since 1.0.7. Up to version 1.0.10 now. When will the BigFix fixlet/report be updated to support version 1.0.10 please? Thanks.

I just updated the prefetch to 1.0.9, personally. Literally two actionscript changes:

prefetch speculationcontrol.nupkg sha1:80ab96ba598dd0f5ddc0b2d1b6ab3b68a715f309 size:23276 https://devopsgallerystorage.blob.core.windows.net/packages/speculationcontrol.1.0.9.nupkg sha256:5742d5cf42bda7ab35f3b7a9ebef3ae8ac6c63872a4f63442c12f299feaac0e0

and

waithidden cmd /C powershell -ExecutionPolicy Bypass -command "import-module '{pathname of file "SpeculationControl.psm1" of folder "__Download" of client folder of current site}' ; Get-SpeculationControlSettings ; echo 'RanWithSpeculationControlVersion=1.0.9' ; if (test-path variable:\psversiontable) {{ echo ('RanWithPowershellVersion=' + $PSVersionTable.PSVersion.Major) } else {{ 'RanWithPowershellVersion=1' }" > "{ pathname of folder "__BESData__Global\Logs" of parent folder of client }\results_PS_SpeculationControl.txt"

1.0.10 just replaces a PowerShell cmdlet, from the looks of things:

  • Replaced usage of Get-WmiObject with Get-CimInstance

Not sure what kind of impact this has, to be entirely honest. I’ll likely update my fixlet over the weekend, though.

EDIT 1:
Here’s the 1.0.10 prefetch if anyone wants to update their content:

prefetch speculationcontrol.nupkg sha1:e5c70656a147f16cc83e2597e92dfce9e050c91b size:23307 https://devopsgallerystorage.blob.core.windows.net/packages/speculationcontrol.1.0.10.nupkg sha256:3ea829d60b39ba98d2d7dbd08a6c7edd842bdfc023767f210d1692f6e79bcf59

Just note that the speculation control version is added manually in the PowerShell execution, and does not come from the script itself. Thus, you have to modify the PowerShell execution line manually to change the version.

EDIT 2:
Good writeup of Get-WmiObject vs Get-CimInstance:

3 Likes
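Added example, not part of any post in this thread and not BigFix's own tooling: one way to build a prefetch statement in the layout quoted above from a downloaded package, and to check a package against an existing statement before putting it into a fixlet. The function names, the stand-in bytes and the placeholder URL are assumptions; treating a statement without sha256 as a problem is a choice made here.

```python
import hashlib
import re

# Field layout taken from the prefetch statements quoted in this thread:
#   prefetch <name> sha1:<hex> size:<bytes> <url> sha256:<hex>
PREFETCH_RE = re.compile(
    r"^prefetch\s+(?P<name>\S+)\s+sha1:(?P<sha1>[0-9a-fA-F]{40})\s+"
    r"size:(?P<size>\d+)\s+(?P<url>\S+)"
    r"(?:\s+sha256:(?P<sha256>[0-9a-fA-F]{64}))?\s*$"
)

def build_prefetch(name, url, data):
    """Return a prefetch statement describing exactly the bytes in `data`."""
    return "prefetch {} sha1:{} size:{} {} sha256:{}".format(
        name, hashlib.sha1(data).hexdigest(), len(data), url,
        hashlib.sha256(data).hexdigest())

def parse_prefetch(line):
    """Split a prefetch statement into its fields; raise if malformed."""
    m = PREFETCH_RE.match(line.strip())
    if m is None:
        raise ValueError("not a well-formed prefetch statement")
    fields = m.groupdict()
    fields["size"] = int(fields["size"])
    return fields

def verify_download(line, data):
    """Return the fields of `line` that do not match `data` (empty list = OK)."""
    want = parse_prefetch(line)
    problems = []
    if want["size"] != len(data):
        problems.append("size")
    if want["sha1"].lower() != hashlib.sha1(data).hexdigest():
        problems.append("sha1")
    if want["sha256"] is None:
        # Assumption of this example: a SHA-1-only statement is not accepted.
        problems.append("sha256 missing")
    elif want["sha256"].lower() != hashlib.sha256(data).hexdigest():
        problems.append("sha256")
    return problems

if __name__ == "__main__":
    # Constructed stand-in bytes and placeholder URL, not the real package.
    payload = b"constructed stand-in for speculationcontrol.nupkg"
    url = "https://example.invalid/packages/speculationcontrol.X.Y.Z.nupkg"
    line = build_prefetch("speculationcontrol.nupkg", url, payload)
    print(line)
    print(verify_download(line, payload))            # no mismatches
    print(verify_download(line, payload + b"\x00"))  # altered download
```

For a real update, read the downloaded .nupkg in binary mode and pass its bytes as `data`; the version string echoed into the results file still has to be changed by hand in the actionscript.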

Is there any chance the analysis could be revised to report on each vulnerability independently from the others? i.e. if an endpoint's firmware is protected against BTI and SSB but not L1TF.

Does anyone have the prefetch for version 10.0.14?