Another question.. Just got a "new" Fujitsu notebook with a factory installed Win 7 Pro SP1 and I added the July simplex to it. Does "a factory installed Win 7 Pro SP1" include any updates that I do not want to have on my computer? Is there a list with numbers to find those amongst the facory installed updates? Thank you...
What InSpectre says under "system's present situation"? afaik, that option is greyed only if the microcode is missing anyway, you can enable both protections manually: Code: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
System is Meltdown protected: YES System is Spectre protected: NO! Microcode Update Available: YES Performance: SLOWER done that,restarted the pc and the option is still greyed out
This system's present situation: This 64-bit version of Windows has been updated for full awareness of both the Spectre and the Meltdown vulnerabilities. If the system's hardware (see below) has also been updated, this system will not be vulnerable to these attacks. This system's hardware has been updated with new features required to allow its operating system to protect against the Spectre vulnerabilities and/or to minimize their impact upon the system's performance. (Protection from the Meltdown vulnerability does not require BIOS or processor updates.) This system's Intel processor provides high-performance protection from the Meltdown vulnerability. A properly updated operating system will be able to provide protection without significant system slowdown. This system's Intel processor provides high-performance protection from the Meltdown vulnerability, but this version of Windows is not taking advantage of those features to offer that protection without performance penalties. (It could and should!) You may wish to consider disabling this system's Meltdown protection until it is offered at lower system performance cost. Due to the potential performance impact of these vulnerability protections, which may be particularly burdensome on older hardware and operating systems that cannot be updated, either one or both of these protections may be disabled with Windows registry settings. This system's "protection disable" is currently set as follows: The system's registry is configured to enable both of the Spectre and Meltdown protections. Within the bounds of any limitations described above, Windows will work with the system's processor to prevent the exploitation of these vulnerabilities.
AFAIK, the bitmask didn't change the protection against new CVE-2018-3639 require FeatureSettingsOverride = 8
Just my 5 cent: ==> Default (CVE-2017-5715, CVE-2017-5754) <=== Enable the mitigation against Spectre Variant 2 (CVE-2017-5715 "Branch Target Injection") and Meltdown (CVE-2017-5754) Code: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /f reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /f or the same Code: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f ==> Full ON (CVE-2018-3639, CVE-2017-5715, CVE-2017-5754) <=== Enable mitigations around Speculative Store Bypass (CVE-2018-3639) together with mitigations around Spectre Variant 2 (CVE-2017-5715 "Branch Target Injection") and Meltdown (CVE-2017-5754) through the following registry settings (because they are not enabled by default). Code: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f ===> Full Off <=== Code: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f For Hyper-V Code: reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
Quite late to this so here goes, trying to begin and I am stuck t the Prerequisite (Install WAIK and supplement) https://forums.mydigitallife.net/th...xes-into-win7-distribution.45005/#post-756785 , When I execute xcopy S:\ “C:\Program Files\Windows AIK\Tools\PETools” /ERDY as per the instruction I get ''invalid number of arguments''. Any help is much needed.bless
I'm not sure but it might be that u need tot do that from another partition then S because /s is the silent key for xcopy and maybe it gets confused by that.
On what windows are you running the updatepack? You only need to install WAIK tools, that post is from 2013 and probably overhauled by now. EDIT: i am running a test with the offline batch files (check OP) on a clean fresh installed 7 SP1. No WAIK installed (not needed at all), it's now at the updates integration stage. Will report back as soon as it is finished integrating all updates in the mounted wim.
Thanks for all the help guys much appreciated . any info on the other .bat files as the readme only has description for 4 of them, like exactly what does integrie_USB3_Optimize.bat entail ? Also I can't seem the find the ISO that suppose to be created . The .wim file has gotten bigger though so I'm guessing use UlraISO and manually make the image? PS:I'm doing this on a VM (Win 7 64bit). EDIT: I ended up using boss911 UP7integrator tool and the iso was created