Meltdown Spectre Vulnerabilities Security Update
Richard Hutchings

About the author

Richard Hutchings: Chief Technology Officer at Littlefish




Meltdown & Spectre Vulnerabilities – Security Update & Anti-Virus Compatibility

08/01/2018


Now that the media hysteria appears to have calmed down, we’ve all been able to focus on the core facts surrounding the published Meltdown and Spectre vulnerabilities.

At this point the UK’s National Cyber Security Centre (NCSC) are still stating that there is no evidence that the vulnerabilities are currently being exploited, and that any potential exploit would also need to be combined with an additional local or remote code execution vulnerability to be able to access locally held information on a device – which itself would also need to circumvent security anti-virus safeguards to be successful.

As communicated yesterday, Microsoft have now released a security update for the impacted Windows operating systems. However, there are stability and compatibility concerns with a number of anti-virus software applications. The compatibility issue is caused when anti-virus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. To help prevent stop errors caused by incompatible anti-virus applications, Microsoft is only offering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update and have the necessary registry key (flag) set.
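To check whether a device carries the compatibility flag described above, the following added example (not part of the original post) reads the registry value and reports whether it has the expected type and data. The key path, value name and expected data are taken from Microsoft's published guidance for the January 2018 updates rather than from this page, and the function name `Get-AvCompatFlag` is hypothetical.

```powershell
function Get-AvCompatFlag {
    # Location and name of the flag per Microsoft's January 2018 guidance
    # (assumption: these values are not stated on this page).
    $keyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
    $valueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

    $report = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        KeyPresent   = $false
        ValuePresent = $false
        ValueKind    = $null
        Data         = $null
        FlagValid    = $false
    }

    # Get-Item on the registry provider returns a Microsoft.Win32.RegistryKey.
    $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if ($key) {
        $report.KeyPresent = $true
        if ($key.GetValueNames() -contains $valueName) {
            $report.ValuePresent = $true
            $report.ValueKind    = $key.GetValueKind($valueName).ToString()
            $report.Data         = $key.GetValue($valueName)
            # The flag only counts when it is a REG_DWORD with data 0x00000000.
            $report.FlagValid = ($report.ValueKind -eq 'DWord') -and ($report.Data -eq 0)
        }
    }
    [pscustomobject]$report
}

# Local, read-only check: FlagValid = False means the flag is absent or malformed,
# so this device will not be offered the January 2018 security update.
Get-AvCompatFlag | Format-List
```

The function only reads the registry. Where it reports `FlagValid` as False, check the installed anti-virus product against the compatibility list below before changing anything on the device.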

Please find below the current anti-virus compatibility list (updated information as of 8th January 2018 at 12:00)

 

Compatible AND Sets Registry Key

  • AVAST – fixed
  • AVG Anti-Virus – fixed
  • Avira – fixed
  • BitDefender – fixed
  • EMSI Anti-Malware – fixed
  • Endgame – fixed
  • eScan – fixed
  • ESET – fixed
  • F-Secure SAFE – fixed
  • K7 – fixed
  • Kaspersky
  • MalwareBytes Anti-Malware – fixed
  • Microsoft Windows Defender
  • Norton Security – fixed
  • Sophos Anti-Virus & Central – fixed
  • Symantec Endpoint Protection – fix in Eraser Engine 117.3.0.359
  • TrustPort Sphere – fixed

 

Compatible but DOES NOT YET Set Registry Key

  • AhnLab Internet Security (V3 Family) – patch will be released today
  • Carbon Black – Manual registry key setting for Cb defense
  • Cisco AMP – manual registry key
  • Crowdstrike Falcon – registry key change scheduled today
  • Cylance Protect & Protect Home – manual registry key setting
  • Fortinet Endpoint Protection – working on registry key fix
  • McAfee Endpoint Protection – registry key change due soon
  • Nyotron PARANOID – manual registry key setting
  • Panda – registry key due 9th Jan
  • QuickHeal Endpoint security – registry key due Jan 9th
  • SentinelOne EPP – manual registry key setting
  • Trend Micro – manual registry key setting now, tools in dev
  • Webroot WSA – auto-registry key setting due next week

 

NOT YET Compatible

  • 360 Total Security – patch will be released soon
  • Cyren F-PROT – working on a fix, cannot set registry key through usual update
  • G-DATA Antivirus
  • Palo-Alto TRAPS – manual registry key setting
  • VIPRE Endpoint Security – fix under testing

Key Guidance For Multi-Customer Virtual Environments

The key guidance at present is that if you are hosting a multi-customer virtual environment (e.g. Microsoft Azure, Google Cloud Platform, Amazon etc.) then you need to deploy the update to the physical hosts (hypervisors) ASAP to avoid potential cross-customer data leakage. This was the reason behind the outages experienced yesterday by Microsoft Azure customers, and why Google and Amazon have rapidly deployed the updates.

Users Running Rogue Software

If you are running an environment where end users could potentially be allowed to run “rogue” software without any protection, then you should also consider an early deployment of the updates – although this practice should be discouraged, or further protections put in place.

Otherwise the normal patching schedule (aka ‘patch Tuesday’) seems perfectly reasonable, provided that the caveats relating to anti-virus application adoption and compatibility have been followed. This ensures that the updates follow your standard deployment methodology, as the likelihood of business impact from device instability is far higher than that of the Meltdown vulnerability being exploited at this point.

Apple Update

Apple have now officially confirmed that all Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. In the coming days Apple plan to release mitigations in Safari to help defend against Spectre. The Apple Watch is not affected by Meltdown.

Maintain Good Practice

As always, a key aspect here is to ensure that your security products are all up to date on both end-user and server platforms (which, for supported devices, Littlefish will continue to manage on our customers’ behalf) and that your users remain vigilant when receiving emails or web browsing. Littlefish are also tracking the situation with the anti-virus vendors (see above) to ensure that environments are ready for the scheduled updates next week.


