
Meltdown / Spectre vulnerability
Published Date : 04 Jan 2018   Last Updated : 18 Apr 2019   Content Ref: TEC6034048  





Symptoms

On 03/01/2018, details emerged of a number of vulnerabilities known as speculative execution side-channel attacks, more commonly called Meltdown and Spectre, which affect most modern processors and operating systems.

  • Details of the Microsoft® Security Advisory are available here.
  • A more detailed explanation from Google Project Zero is available here.
  • RM Unify, Microsoft Office 365™ and Google G Suite are unaffected by this issue.
  • An RM blog with some additional background information can be found here.

Note: Most of the TEC articles referenced below will require you to have a Network Support Contract to access them. We will also update this article as soon as new information becomes available, so check back regularly.

Microsoft are also providing regular updates in the following comprehensive article - https://support.microsoft.com/en-gb/help/4073757/protect-your-windows-devices-against-spectre-meltdown.



Procedure

What do I need to do about Meltdown and Spectre?

The following checklist is a general guideline to patching your computers:

  1. Ensure that your anti-virus is up to date - the anti-virus solution will add a registry key to Windows clients that will then allow them to download and apply the operating system patch from Microsoft. For more information, refer to the 'RM Supported anti-virus' section below.
  2. If you have a CC4 network then the February 2018 Microsoft patches (and beyond) should automatically approve for your network. If you do use RMVP (Symantec Endpoint Protection) then please refer to this Blog for additional information.
  3. Windows Servers need to have additional registry keys added to activate the patch. For CC4 customers, we have released CC4UPD211. (Note: Microsoft have advised in their articles that installing this patch will result in a performance hit on all clients - details of our findings are in DWN6046461 which is the release article for CC4UPD211).
  4. Check which of your devices need a firmware (BIOS/ UEFI) update to protect against the Spectre vulnerability. For more information, refer to the 'Firmware updates' section below.
  5. Check your hypervisor solutions and other devices to ensure that your complete network has been understood and patched. Advice for hypervisors, Apple, Google, etc. can be found below.

Note: Non-CC4 servers will need to have the activation registry keys added manually. Please refer to this article for more details on this (or use the batch files attached to this article - download the 'enablemeltdownpatch.bat' file to your server, then double-click to run. Do not use the 'Run as administrator' option here. Now reboot the server). Again note that Microsoft advises that enabling these mitigations may affect performance.


RM Supported anti-virus

RM recommend Trend Micro as our current anti-virus offering.

For information regarding Trend Micro on-premise, please refer to TEC6041686.

Trend Micro - Cloud has already been updated by Trend Micro. Clients where the Security Agent version is 6.2.1220 or above will have the relevant registry key in place to allow the Microsoft Updates to install. There was a further major upgrade to Trend Micro - Cloud, to version 6.3 on the 27/01/2018, please refer to TEC6060342.

RMVP 6.8 is now available with the patches from Symantec for some issues reported as the Meltdown patches became available - please see the following section for details.

We have also published a blog here with additional information.


CC4, WSUS and RMVP

We have now moved back to our normal approval process for WSUS, and CC4 customers should find that the February 2018 updates and beyond start to apply. RMVP customers should already have carried out the actions listed under 'RM Anti-Virus Advice' in the More Information section below, to ensure that the Symantec AV product continues to function.


Checking your computers via a PowerShell script
We have published a PowerShell script to help you to check your network and validate if a computer is vulnerable or not. This is a modification of a Microsoft script - we have added the ability for the script to run remotely. For more information, please refer to TEC6090000.
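
The checklist above depends on registry values being present: the flag set by a compatible anti-virus product, and the activation values for Windows Server and Hyper-V hosts. The following is an added example, not RM's TEC6090000 script and not the contents of the attached batch file. It is a read-only report that assumes the value names and data are those in Microsoft's published guidance; the function name is hypothetical.

```powershell
# Added example (not RM's TEC6090000 script or the attached batch file).
# Read-only: reports registry state, changes nothing. Remote targets need
# PowerShell remoting (WinRM) enabled.
function Get-MitigationRegistryState {
    [CmdletBinding()]
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    $audit = {
        $mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
        $checks = @(
            # Set by a compatible anti-virus product so Windows Update offers the patch.
            @{ Scope = 'All Windows'; Name = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'; Expected = 0
               Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat' },
            # Activation values for the OS mitigations on Windows Server.
            @{ Scope = 'Windows Server'; Name = 'FeatureSettingsOverride'; Expected = 0; Path = $mm },
            @{ Scope = 'Windows Server'; Name = 'FeatureSettingsOverrideMask'; Expected = 3; Path = $mm },
            # Additional value for Hyper-V hosts.
            @{ Scope = 'Hyper-V host'; Name = 'MinVmVersionForCpuBasedMitigations'; Expected = '1.0'
               Path  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization' }
        )
        foreach ($c in $checks) {
            # A missing key or value yields no object rather than an error.
            $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
            $actual = if ($item) { $item.($c.Name) } else { $null }
            $shown  = if ($null -eq $actual) { '<missing>' } else { "$actual" }
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Scope    = $c.Scope
                Value    = $c.Name
                Actual   = $shown
                Expected = "$($c.Expected)"
                Ok       = ($shown -eq "$($c.Expected)")
            }
        }
    }

    foreach ($computer in $ComputerName) {
        if ($computer -eq $env:COMPUTERNAME) { & $audit }
        else { Invoke-Command -ComputerName $computer -ScriptBlock $audit }
    }
}

# Local check; pass -ComputerName SERVER1,SERVER2 (hypothetical names) for remote hosts.
Get-MitigationRegistryState | Format-Table -AutoSize
```

Read each row against its Scope column: the Windows Server and Hyper-V host rows only matter on machines in those roles, so a missing value there on a client is not a finding.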

Firmware updates

For RM Recommends and RM Hardware computers and servers, firmware patching advice can be found in TEC6039891 in the Other Useful Articles section below. This contains links to each of the relevant firmware (BIOS / UEFI) updates that have been made available.

Note: Given the number of issues being reported with firmware releases we advise you wait two weeks once an update has been released before applying, but ensure that you have a plan ready for the upgrade immediately should the urgency change.

General advice / BitLocker
Always ensure that you follow all of the system suppliers' recommendations when updating a BIOS / UEFI.

It is recommended that if BitLocker is enabled on your system you suspend it prior to running the BIOS / UEFI update. Once the system has rebooted after the update please enable BitLocker.


Hypervisors

VMware ESXi
VMware have released patches for this issue, please follow TEC2637069.

Hyper-V
For advice on patching the hosts follow TEC5697304.

General hypervisor / VM patching instructions
For any hypervisor, we recommend that the following steps are followed:

  1. Apply the firmware (BIOS / UEFI) update for the host hardware (although at present we are recommending that you omit this step).
  2. If your hypervisor is Hyper-V, then you should check that the anti-virus solution running on it is compatible.
  3. Patch the hypervisor itself (see the details above for Hyper-V and VMware).
    Note: For Hyper-V you will also need to add the registry keys to enable the OS patch on the server.
  4. Patch each VM running on the hypervisor. Again, if the VM runs a server operating system, you will need to check the anti-virus solution and add the registry keys to enable the operating system patch on the server.

Phishing / fake patches
Be aware that cybercriminals are already taking advantage of the news generated by these vulnerabilities and fake patches that deliver malware are surfacing. Ensure that you are using the trusted, vendor websites when downloading firmware patches (and getting the Microsoft patches via WSUS).

Apple operating systems

Details of the Apple response are available here.


Google Chrome

Details of the Google recommendation for Chrome users are available here.

An RM article with additional advice can be found in TEC6046757 (Protecting Chromebooks / Android devices from Spectre / Meltdown vulnerabilities).


Infrastructure devices
As usual (for routers, switches, firewalls, etc.), please check with the manufacturer.


Possible Issues

If you are not using an RM supported anti-virus solution, you should contact your vendor to confirm the compatibility status of the anti-virus product.

It is possible to force these updates to install regardless of your anti-virus's compatibility status by creating a specific registry key. We do not recommend manually creating this key unless your vendor has confirmed their product is compatible. Enabling the installation of these updates on an incompatible system could cause instability.

CC4 customers should ensure that they have updates CC4UPD203, CC4UPD204 and CC4UPD205 so that their local WSUS instance is pulling the list of the latest set of approved updates from us. Also note that the changes in CC4UPD204 require a new URL to be allowed through any firewall.

Microsoft advise that applying these changes to your computers may result in a performance hit.



More Information

AMD processors
There was an issue with the Microsoft patch for Meltdown on older AMD processors. Customers with AMD processors (Athlon era) should consult:

https://support.microsoft.com/en-ie/help/4073707/windows-operating-system-security-update-for-amd-based-devices

RM Anti-Virus Advice

Our recommended options for existing RMVP customers:

  1. Move to Trend Micro (this is our recommended anti-virus solution).
  2. Upgrade to RMVP 6.8.

Note: You can check the version of RMVP by following TEC6066087.


Known exploits?
At the time of writing there are no known active exploits for these vulnerabilities but this may change. Any exploit is likely to require some sort of user interaction such as opening a malicious email attachment or web link and as such the best defence is educating users not to open suspicious attachments or links.


Download

Filename: enablemeltdownpatch.bat
File size: 409 bytes


Other Useful Articles

BIOS and Firmware Updates for Security Vulnerabilities (TEC6039891)


Document Keywords: Meltdown, Spectre, CPU flaw,
