A very good overview of the how (and a little of the why) is summarised in a series of tweets by Graham Sutherland here.
In the January Security updates Microsoft have provided updates to protect its operating systems (Windows 7 SP1 and later). More on this below. They have also provided a PowerShell Module to inspect and report on the status of a Windows operating system.
What you are going to need to do is patch your Windows operating system and update your computer's firmware (BIOS).
Using an administrative PowerShell session on a Windows workstation with Windows Management Framework 5.x installed, the following three lines will download and install the PowerShell module, import it, and execute it to report on the status.
    Install-Module SpeculationControl
    Import-Module SpeculationControl
    Get-SpeculationControlSettings
The output below shows that the operating system does not contain the updates for the vulnerability.
Obtaining the Windows Security Updates
Microsoft included updates for its operating systems (Windows 7 SP1 and newer) on January 3, 2018 in the January update, as shown below. They can be obtained from the Microsoft Security Portal here. Search for CVE-2017-5715 to get the details.
Go to the Microsoft Update Catalog to obtain the update individually.
The quickest and easiest way, though, is to press the Windows key, select the Gear (Settings) icon, then Update & Security, then Windows Update.
Check status, install the updates, and restart your Windows computer.
Speculation Control Status
After installing the updates and restarting the computer we can run the check again. It now shows we are partially protected: protected for Meltdown but only partially protected for Spectre. A BIOS update is required to complete the mitigation for Spectre.
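To turn that report into a per-machine verdict, the following added example (not from the original post and not part of Microsoft's module) classifies the object that Get-SpeculationControlSettings returns. The function name Get-SpeculationSummary and the sample object are hypothetical; the property names are the ones the module reports.

```powershell
# Added example: summarise the object returned by Get-SpeculationControlSettings.
# Get-SpeculationSummary is a hypothetical helper name, not part of the module.
function Get-SpeculationSummary {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Settings
    )
    process {
        # Meltdown: kernel VA shadowing is delivered by the Windows update alone.
        $meltdown = if (-not $Settings.KVAShadowRequired) {
            'NotRequired'            # the module reports the CPU as not needing it
        } elseif ($Settings.KVAShadowWindowsSupportPresent -and
                  $Settings.KVAShadowWindowsSupportEnabled) {
            'Protected'
        } elseif ($Settings.KVAShadowWindowsSupportPresent) {
            'PatchedButDisabled'
        } else {
            'NeedsWindowsUpdate'
        }

        # Spectre (branch target injection): needs the Windows update AND firmware.
        $spectre = if (-not $Settings.BTIWindowsSupportPresent) {
            'NeedsWindowsUpdate'
        } elseif (-not $Settings.BTIHardwarePresent) {
            'NeedsFirmwareUpdate'    # OS patched, BIOS/microcode still missing
        } elseif ($Settings.BTIWindowsSupportEnabled) {
            'Protected'
        } else {
            'PatchedButDisabled'
        }

        [pscustomobject]@{ Meltdown = $meltdown; Spectre = $spectre }
    }
}

# Constructed sample: a machine with the January update installed but no BIOS update,
# the state described above. Values are illustrative, not captured output.
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true
}
$sample | Get-SpeculationSummary

# On a live host with the module imported:
# Get-SpeculationControlSettings | Get-SpeculationSummary
```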
For me I obtained the latest BIOS for my laptop from the manufacturer's support website. If you are also on a Lenovo Yoga 910 that is here. However for me the latest Lenovo firmware doesn’t include updates for this vulnerability. And my particular model of laptop isn’t listed as being affected. I’ll keep checking to see if that changes.
In Microsoft environments your patching strategy will get you most of the way with the Microsoft January Security updates. BIOS updates to your fleet will take additional planning and effort to complete.