PowerShell: Check Speculation Controls for Spectre Mitigation Support on Windows

Run the below function to view an output similar to this:

BTIHardwarePresent : True -> apply OEM BIOS/firmware update
BTIWindowsSupportPresent : True -> install January 2018 update
BTIWindowsSupportEnabled : True -> On server, follow guidance https://support.microsoft.com/en-us/topic/kb4072698-windows-server-and-azure-stack-hci-guidance-to-protect-against-silicon-based-microarchitectural-and-speculative-execution-side-channel-vulnerabilities-2f965763-00e2-8f98-b632-0d96f30c8c8e
BTIDisabledBySystemPolicy : False -> ensure not disabled by policy. False is expected
BTIDisabledByNoHardwareSupport : False -> ensure OEM BIOS/firmware update is applied.
BTIKernelRetpolineEnabled : True
BTIKernelImportOptimizationEnabled : True
KVAShadowRequired : True -> no action, this is a function of the CPU the computer uses
KVAShadowWindowsSupportPresent : True -> install January 2018 update
KVAShadowWindowsSupportEnabled : True -> On server, follow guidance https://support.microsoft.com/en-us/topic/kb4072698-windows-server-and-azure-stack-hci-guidance-to-protect-against-silicon-based-microarchitectural-and-speculative-execution-side-channel-vulnerabilities-2f965763-00e2-8f98-b632-0d96f30c8c8e
KVAShadowPcidEnabled : True -> no action , this is a function of the CPU the computer uses
SSBDWindowsSupportPresent : True -> install Windows updates as documented in adv180012 https://msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
SSBDHardwareVulnerable : True
SSBDHardwarePresent : True -> install BIOS/firmware update with support for SSBD from your device OEM
SSBDWindowsSupportEnabledSystemWide : False -> follow recommended actions to turn on SSBD https://msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012

Source: https://support.microsoft.com/en-us/topic/kb4073119-windows-client-guidance-for-it-pros-to-protect-against-silicon-based-microarchitectural-and-speculative-execution-side-channel-vulnerabilities-35820a8a-ae13-1299-88cc-357f104f5b11

function checkSpeculationControls($computer=$env:computername){
    $command={
        # Interpretations of output: https://support.microsoft.com/en-us/topic/kb4074629-understanding-speculationcontrol-powershell-script-output-fd70a80a-a63f-e539-cda5-5be4c9e67c04
        #$originalExecutionPolicy = Get-ExecutionPolicy
        #Set-ExecutionPolicy RemoteSigned -Scope Currentuser
        if(!(Get-command Get-SpeculationControlSettings -ea SilentlyContinue)){
            [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
            if(!(Get-Module nuget)){
                Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
            }
            Install-Module SpeculationControl -force
        }
        #Set-ExecutionPolicy $originalExecutionPolicy -Scope Currentuser
        return Get-SpeculationControlSettings
    }
    invoke-command -ComputerName $computer -ScriptBlock $command
}