Meltdown and Spectre: What you need to know from CTA

In recent weeks, critical vulnerabilities in modern computer processors were disclosed that affect nearly every piece of computing hardware currently in use. These vulnerabilities, known as Meltdown and Spectre, could allow an attacker to access sensitive information stored in the memory of programs running on your device.

Microsoft released a Windows Security Update on January 3, 2018 to address Meltdown and Spectre. However, Microsoft also “identified a compatibility issue with a small number of antivirus software products”[1], some of which are owned and operated by CTA members. This issue arises when antivirus applications make unsupported calls into Windows kernel memory, which may result in blue screen errors. Microsoft has asked antivirus vendors to add a registry key to their products to certify that the product works with the patch, and has noted that customers will not receive the January Microsoft software update, or subsequent updates, until the antivirus vendors make the change.

As part of our mission, CTA members are constantly working together for the greater good. To that end, CTA has compiled a set of links to our member companies regarding these vulnerabilities. These links describe the actions our members are taking with respect to Meltdown and Spectre, and they provide authoritative information from members describing the vulnerabilities themselves, which of their products (if any) are affected, and whether their products are compatible with the Microsoft update.

CTA members will continue to coordinate activity related to addressing these vulnerabilities, including actively searching for signs of exploitation attempts by malicious actors. We may be dealing with these vulnerabilities for quite some time, and CTA members will be working proactively to defend their customers.

CheckPoint:

http://blog.checkpoint.com/2018/01/08/spectre-meltdown-vulnerabilities-work/

http://blog.checkpoint.com/2018/01/08/mitigating-cpu-vulnerabilities-removing-os-blindfold/

Cisco:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel

http://blog.talosintelligence.com/2018/01/meltdown-and-spectre.html

Fortinet:

https://blog.fortinet.com/2018/01/04/fortinet-advisory-on-new-spectre-and-meltdown-vulnerabilities

https://fortiguard.com/psirt/FG-IR-18-002

https://fortiguard.com/resources/threat-brief/2018/01/04/fortiguard-threat-intelligence-brief-january-05-2018

McAfee:

https://securingtomorrow.mcafee.com/mcafee-labs/decyphering-the-noise-around-meltdown-and-spectre/

Palo Alto Networks:

https://live.paloaltonetworks.com/t5/Customer-Advisories/UDPATED-Information-about-Meltdown-and-Spectre-findings/ta-p/193878/jump-to/first-unread-message

https://researchcenter.paloaltonetworks.com/2018/01/threat-brief-meltdown-spectre-vulnerabilities/

Rapid7:

https://blog.rapid7.com/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/

Symantec:

https://support.symantec.com/en_US/article.INFO4793.html

[1] https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

Author: Michael Daniel

As President and CEO of CTA, Michael Daniel leads the team and oversees the organization’s operations. Prior to joining the CTA, Michael served from June 2012 to January 2017 as Special Assistant to President Obama and Cybersecurity Coordinator on the National Security Council Staff. In this role, he led the development of national cybersecurity strategy and policy, and ensured that the U.S. government effectively partnered with the private sector, non-governmental organizations, and other nations.