Hmm.
Since putting the latest MS patches on my (Sandy Bridge based) PC, I've had two unexplained crashes - which is annoying when working remotely as while the Intel RST on my machine recovers correctly, it doesn't then reboot, so just sits waiting for someone to reset it. Maybe time invest a remote power switch....
Also quite annoying as my Sandy Bridge (i7 2700K) DOES support PCID, but not, apparently INVPCID...
So, on a Sandy Bridge i7 2700K (released Oct 2011 I believe) running Win 10 Pro, the results of "Get-SpeculationControlSettings" are:
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: False [not required for security]
Suggested actions
* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : False