In recent weeks, critical vulnerabilities in modern computer processors were disclosed that affect nearly every piece of computing hardware currently in use. These vulnerabilities, known as Meltdown and Spectre, could allow an attacker to access sensitive information stored in the memory of programs running on your device.

Microsoft released a Windows Security Update on January 3, 2018 to address Meltdown and Spectre. However, Microsoft also “identified a compatibility issue with a small number of antivirus software products”[1], some of which are owned and operated by CTA members. This issue arises when antivirus applications make unsupported calls into Windows kernel memory, which may result in blue screen errors. Microsoft has asked antivirus vendors to add a registry key to their products to certify that the product works with the patch, and has noted that customers will not receive the January Microsoft software update, or subsequent updates, until the antivirus vendors make the change.

As part of our mission, CTA members are constantly working together for the greater good. To that end, CTA has compiled a set of links to our member companies regarding these vulnerabilities. These links describe the actions our members are taking with respect to Meltdown and Spectre. They also provide authoritative information from members describing the vulnerabilities themselves, which of their products (if any) are affected, and whether their products are compatible with the Microsoft update.

CTA members will continue to coordinate activity related to addressing these vulnerabilities, including actively searching for signs of exploitation attempts by malicious actors. We may be dealing with these vulnerabilities for quite some time, and CTA members will be working proactively to defend their customers.

CheckPoint:
http://blog.checkpoint.com/2018/01/08/spectre-meltdown-vulnerabilities-work/
http://blog.checkpoint.com/2018/01/08/mitigating-cpu-vulnerabilities-removing-os-blindfold/
Cisco:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
http://blog.talosintelligence.com/2018/01/meltdown-and-spectre.html
Fortinet:
https://blog.fortinet.com/2018/01/04/fortinet-advisory-on-new-spectre-and-meltdown-vulnerabilities
https://fortiguard.com/psirt/FG-IR-18-002
https://fortiguard.com/resources/threat-brief/2018/01/04/fortiguard-threat-intelligence-brief-january-05-2018
McAfee:
https://securingtomorrow.mcafee.com/mcafee-labs/decyphering-the-noise-around-meltdown-and-spectre/
Palo Alto Networks:
https://live.paloaltonetworks.com/t5/Customer-Advisories/UDPATED-Information-about-Meltdown-and-Spectre-findings/ta-p/193878/jump-to/first-unread-message
https://researchcenter.paloaltonetworks.com/2018/01/threat-brief-meltdown-spectre-vulnerabilities/
Rapid7:
https://blog.rapid7.com/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/
Symantec:
https://support.symantec.com/en_US/article.INFO4793.html

[1] https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software
