Niktendo/Meltdown_Spectre-Script.cmd

## Meltdown_Spectre-Script.cmd
@echo off
:: BatchGotAdmin
::-------------------------------------
REM  --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"

REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
    echo Requesting administrative privileges...
    goto UACPrompt
) else ( goto gotAdmin )

:UACPrompt
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    set params = %*:"="
    echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"

    "%temp%\getadmin.vbs"
    del "%temp%\getadmin.vbs"
    exit /B

:gotAdmin
    pushd "%CD%"
    CD /D "%~dp0"
::--------------------------------------
title Meltdown/Spectre-Script - by Niktendo @2019
CLS
:MENU
ECHO.
ECHO ...............................................
ECHO Was moechtest du aktivieren/deaktivieren?
ECHO ...............................................
ECHO.
ECHO CVE-2017-5715 (Spectre Variant 2)
ECHO * - Zum Aktivieren nutze bitte Option "2"
ECHO 1 - Deaktivieren
ECHO.
ECHO CVE-2017-5715 (Spectre Variant 2), CVE-2017-5754 (Meltdown)
ECHO 2 - Aktivieren
ECHO * - Zum Deaktivieren nutze bitte Option "9"
ECHO.
ECHO CVE-2017-5715 (Spectre Variant 2), CVE-2017-5754 (Meltdown), CVE-2018-3639 (SSBD)
ECHO 3 - Aktivieren
ECHO * - Zum Deaktivieren nutze bitte Option "9"
ECHO.
ECHO SPEZIALAKTIONEN:
ECHO 4 - Zusatzoption fuer Hyper-V
ECHO 5 - [AMD] Zusatzoption fuer CVE-2017-5715 (Spectre Variant 2)
ECHO 6 - [AMD] Zusatzoption fuer CVE-2017-5715 (Spectre Variant 2), CVE 2018-3639 (SSBD)
ECHO 7 - Alle Optionen aktivieren [mit aktiviertem Hyperthreading]
ECHO 8 - Alle Optionen aktivieren [mit deaktiviertem Hyperthreading]
ECHO 9 - Alle Optionen deaktivieren
ECHO.
ECHO S - Aktuellen Status einsehen
ECHO Q - Schliessen
ECHO.
%SystemRoot%\System32\choice.exe /C 123456789SQ /M "Bitte eine Option auswaehlen!"
IF %ERRORLEVEL% EQU 1 SET M=1
IF %ERRORLEVEL% EQU 2 SET M=2
IF %ERRORLEVEL% EQU 3 SET M=3
IF %ERRORLEVEL% EQU 4 SET M=4
IF %ERRORLEVEL% EQU 5 SET M=5
IF %ERRORLEVEL% EQU 6 SET M=6
IF %ERRORLEVEL% EQU 7 SET M=7
IF %ERRORLEVEL% EQU 8 SET M=8
IF %ERRORLEVEL% EQU 9 SET M=9
IF %ERRORLEVEL% EQU 10 SET M=S
IF %ERRORLEVEL% EQU 11 SET M=Q
IF %M%==1 GOTO DISABLE1
IF %M%==2 GOTO ENABLE2
IF %M%==3 GOTO ENABLE3
IF %M%==4 GOTO HYPERV
IF %M%==5 GOTO AMD1
IF %M%==6 GOTO AMD2
IF %M%==7 GOTO ENABLEALL1
IF %M%==8 GOTO ENABLEALL2
IF %M%==9 GOTO DISABLEALL
IF %M%==S GOTO CHECK
IF %M%==Q GOTO QUIT

:DISABLE1
cls
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
echo Fertig!
timeout 3
GOTO MENU

:ENABLE2
cls
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
echo Fertig!
timeout 3
GOTO MENU

:ENABLE3
cls
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
echo Fertig!
timeout 3
GOTO MENU

:HYPERV
cls
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
echo Fertig!
timeout 3
GOTO MENU

:AMD1
cls
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 64 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
echo Fertig!
timeout 3
GOTO MENU

:AMD2
cls
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
echo Fertig!
timeout 3
GOTO MENU

:ENABLEALL1
cls
echo Dies aktiviert den Schutz fuer CVE-2017-5715, CVE-2017-5753 (Spectre Variant 2/Bounds Check Bypass), CVE-2017-5754 (Meltdown), CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 (L1TF), CVE-2018-3639 (SSBD), CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 (Manage Microarchitectural Data Sampling)
%SystemRoot%\System32\choice.exe /C YJN /N /M "Fortfahren [Y/N]? "
if errorlevel 3 goto :MENU
cls
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
echo Fertig!
timeout 3
GOTO MENU

:ENABLEALL2
cls
echo Dies aktiviert den Schutz fuer CVE-2017-5715, CVE-2017-5753 (Spectre Variant 2/Bounds Check Bypass), CVE-2017-5754 (Meltdown), CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 (L1TF), CVE-2018-3639 (SSBD), CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 (Manage Microarchitectural Data Sampling)
%SystemRoot%\System32\choice.exe /C YJN /N /M "Fortfahren [Y/N]? "
if errorlevel 3 goto :MENU
cls
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8264 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
echo Fertig!
timeout 3
GOTO MENU

:DISABLEALL
cls
echo Dies deaktiviert den Schutz fuer CVE-2017-5715, CVE-2017-5753 (Spectre Variant 2/Bounds Check Bypass), CVE-2017-5754 (Meltdown), CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 (L1TF), CVE-2018-3639 (SSBD), CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 (Manage Microarchitectural Data Sampling)
%SystemRoot%\System32\choice.exe /C YJN /N /M "Fortfahren [Y/N]? "
if errorlevel 3 goto :MENU
cls
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
echo Fertig!
timeout 3
GOTO MENU

:CHECK
cls
echo Bitte folgende Hinweise mit "Y/J" bestaetigen!
timeout 3
powershell Install-Module SpeculationControl
powershell $SaveExecutionPolicy = Get-ExecutionPolicy
powershell Set-ExecutionPolicy RemoteSigned -Scope Currentuser
powershell Import-Module SpeculationControl
powershell Get-SpeculationControlSettings
PAUSE
powershell Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser
cls
GOTO MENU

:QUIT
echo Falls du Aenderungen durchgefuehrt hast, MUSS der PC neu gestartet werden.
%SystemRoot%\System32\choice.exe /C YJN /N /M "Jetzt neustarten [Y/N]?"
if errorlevel 3 goto :EOF
shutdown /r /f /t 3 /c "Der PC wird in 3 Sekunden neu gestartet!"

## Meltdown_Spectre.txt
CVE-2017-5715 (Spectre Variant 2)
CVE-2017-5715 (Spectre Variant 2), CVE-2017-5754 (Meltdown)
CVE-2017-5715 (Spectre Variant 2) - AMD
CVE-2017-5715 (Spectre Variant 2), CVE-2017-5754 (Meltdown), CVE-2018-3639 (SSBD)
CVE-2017-5715 (Spectre Variant 2), CVE 2018-3639 (SSBD) - AMD
CVE-2017-5715, CVE-2017-5753 (Spectre Variant 2/Bounds Check Bypass), CVE-2017-5754 (Meltdown), CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 (L1TF), CVE-2018-3639 (SSBD), CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 (Manage Microarchitectural Data Sampling)
	@echo off
	:: BatchGotAdmin
	::-------------------------------------
	REM --> Check for permissions
	>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"

	REM --> If error flag set, we do not have admin.
	if '%errorlevel%' NEQ '0' (
	echo Requesting administrative privileges...
	goto UACPrompt
	) else ( goto gotAdmin )

	:UACPrompt
	echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
	set params = %*:"="
	echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"

	"%temp%\getadmin.vbs"
	del "%temp%\getadmin.vbs"
	exit /B

	:gotAdmin
	pushd "%CD%"
	CD /D "%~dp0"
	::--------------------------------------
	title Meltdown/Spectre-Script - by Niktendo @2019
	CLS
	:MENU
	ECHO.
	ECHO ...............................................
	ECHO Was moechtest du aktivieren/deaktivieren?
	ECHO ...............................................
	ECHO.
	ECHO CVE-2017-5715 (Spectre Variant 2)
	ECHO * - Zum Aktivieren nutze bitte Option "2"
	ECHO 1 - Deaktivieren
	ECHO.
	ECHO CVE-2017-5715 (Spectre Variant 2), CVE-2017-5754 (Meltdown)
	ECHO 2 - Aktivieren
	ECHO * - Zum Deaktivieren nutze bitte Option "9"
	ECHO.
	ECHO CVE-2017-5715 (Spectre Variant 2), CVE-2017-5754 (Meltdown), CVE-2018-3639 (SSBD)
	ECHO 3 - Aktivieren
	ECHO * - Zum Deaktivieren nutze bitte Option "9"
	ECHO.
	ECHO SPEZIALAKTIONEN:
	ECHO 4 - Zusatzoption fuer Hyper-V
	ECHO 5 - [AMD] Zusatzoption fuer CVE-2017-5715 (Spectre Variant 2)
	ECHO 6 - [AMD] Zusatzoption fuer CVE-2017-5715 (Spectre Variant 2), CVE 2018-3639 (SSBD)
	ECHO 7 - Alle Optionen aktivieren [mit aktiviertem Hyperthreading]
	ECHO 8 - Alle Optionen aktivieren [mit deaktiviertem Hyperthreading]
	ECHO 9 - Alle Optionen deaktivieren
	ECHO.
	ECHO S - Aktuellen Status einsehen
	ECHO Q - Schliessen
	ECHO.
	%SystemRoot%\System32\choice.exe /C 123456789SQ /M "Bitte eine Option auswaehlen!"
	IF %ERRORLEVEL% EQU 1 SET M=1
	IF %ERRORLEVEL% EQU 2 SET M=2
	IF %ERRORLEVEL% EQU 3 SET M=3
	IF %ERRORLEVEL% EQU 4 SET M=4
	IF %ERRORLEVEL% EQU 5 SET M=5
	IF %ERRORLEVEL% EQU 6 SET M=6
	IF %ERRORLEVEL% EQU 7 SET M=7
	IF %ERRORLEVEL% EQU 8 SET M=8
	IF %ERRORLEVEL% EQU 9 SET M=9
	IF %ERRORLEVEL% EQU 10 SET M=S
	IF %ERRORLEVEL% EQU 11 SET M=Q
	IF %M%==1 GOTO DISABLE1
	IF %M%==2 GOTO ENABLE2
	IF %M%==3 GOTO ENABLE3
	IF %M%==4 GOTO HYPERV
	IF %M%==5 GOTO AMD1
	IF %M%==6 GOTO AMD2
	IF %M%==7 GOTO ENABLEALL1
	IF %M%==8 GOTO ENABLEALL2
	IF %M%==9 GOTO DISABLEALL
	IF %M%==S GOTO CHECK
	IF %M%==Q GOTO QUIT

	:DISABLE1
	cls
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 1 /f
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
	echo Fertig!
	timeout 3
	GOTO MENU

	:ENABLE2
	cls
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
	echo Fertig!
	timeout 3
	GOTO MENU

	:ENABLE3
	cls
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
	echo Fertig!
	timeout 3
	GOTO MENU

	:HYPERV
	cls
	reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
	echo Fertig!
	timeout 3
	GOTO MENU

	:AMD1
	cls
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 64 /f
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
	echo Fertig!
	timeout 3
	GOTO MENU

	:AMD2
	cls
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
	echo Fertig!
	timeout 3
	GOTO MENU

	:ENABLEALL1
	cls
	echo Dies aktiviert den Schutz fuer CVE-2017-5715, CVE-2017-5753 (Spectre Variant 2/Bounds Check Bypass), CVE-2017-5754 (Meltdown), CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 (L1TF), CVE-2018-3639 (SSBD), CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 (Manage Microarchitectural Data Sampling)
	%SystemRoot%\System32\choice.exe /C YJN /N /M "Fortfahren [Y/N]? "
	if errorlevel 3 goto :MENU
	cls
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
	echo Fertig!
	timeout 3
	GOTO MENU

	:ENABLEALL2
	cls
	echo Dies aktiviert den Schutz fuer CVE-2017-5715, CVE-2017-5753 (Spectre Variant 2/Bounds Check Bypass), CVE-2017-5754 (Meltdown), CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 (L1TF), CVE-2018-3639 (SSBD), CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 (Manage Microarchitectural Data Sampling)
	%SystemRoot%\System32\choice.exe /C YJN /N /M "Fortfahren [Y/N]? "
	if errorlevel 3 goto :MENU
	cls
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8264 /f
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
	echo Fertig!
	timeout 3
	GOTO MENU

	:DISABLEALL
	cls
	echo Dies deaktiviert den Schutz fuer CVE-2017-5715, CVE-2017-5753 (Spectre Variant 2/Bounds Check Bypass), CVE-2017-5754 (Meltdown), CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 (L1TF), CVE-2018-3639 (SSBD), CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 (Manage Microarchitectural Data Sampling)
	%SystemRoot%\System32\choice.exe /C YJN /N /M "Fortfahren [Y/N]? "
	if errorlevel 3 goto :MENU
	cls
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
	reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
	echo Fertig!
	timeout 3
	GOTO MENU

	:CHECK
	cls
	echo Bitte folgende Hinweise mit "Y/J" bestaetigen!
	timeout 3
	powershell Install-Module SpeculationControl
	powershell $SaveExecutionPolicy = Get-ExecutionPolicy
	powershell Set-ExecutionPolicy RemoteSigned -Scope Currentuser
	powershell Import-Module SpeculationControl
	powershell Get-SpeculationControlSettings
	PAUSE
	powershell Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser
	cls
	GOTO MENU

	:QUIT
	echo Falls du Aenderungen durchgefuehrt hast, MUSS der PC neu gestartet werden.
	%SystemRoot%\System32\choice.exe /C YJN /N /M "Jetzt neustarten [Y/N]?"
	if errorlevel 3 goto :EOF
	shutdown /r /f /t 3 /c "Der PC wird in 3 Sekunden neu gestartet!"
	CVE-2017-5715 (Spectre Variant 2)
	CVE-2017-5715 (Spectre Variant 2), CVE-2017-5754 (Meltdown)
	CVE-2017-5715 (Spectre Variant 2) - AMD
	CVE-2017-5715 (Spectre Variant 2), CVE-2017-5754 (Meltdown), CVE-2018-3639 (SSBD)
	CVE-2017-5715 (Spectre Variant 2), CVE 2018-3639 (SSBD) - AMD
	CVE-2017-5715, CVE-2017-5753 (Spectre Variant 2/Bounds Check Bypass), CVE-2017-5754 (Meltdown), CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 (L1TF), CVE-2018-3639 (SSBD), CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 (Manage Microarchitectural Data Sampling)