Meltdown and Spectre Situation Update
Two newly discovered processor chip vulnerabilities, dubbed Meltdown and Spectre, could permit attackers to gain unauthorized access to a computer’s memory. Spectre affects all modern processors, including those designed by Intel, AMD and ARM, but Meltdown is currently thought to affect only Intel chips manufactured since 1995, with the exception of Itanium and Atom chips made before 2013. The vulnerabilities can only be mitigated through operating system patches. Please see https://www.symantec.com/blogs/threat-intelligence/meltdown-spectre-cpu-bugs for the latest in-depth information on the vulnerabilities.
Does Symantec Data Center Security provide protection for the Meltdown and Spectre vulnerabilities?
Meltdown and Spectre are local privilege escalation vulnerabilities, which means that malicious software must first be installed on a target system to exploit them. Symantec Data Center Security: Server Advanced (DCS:SA) protects vulnerable systems by ensuring that only authorized software is allowed to run. All three levels of DCS:SA Windows 6.0 policies (Basic, Hardening, and Whitelisting) and all 5.2.9 policies (Limited Execution, Strict, and Core) prevent an attacker from dropping malicious executables onto the system.
Can I apply the OS vendor patches which provide mitigation for Meltdown and Spectre?
With Windows patches, no changes to the Data Center Security Agent are required. As an extra precaution for this kernel-level change, we have analyzed the patch information from Microsoft and are testing the patches as they are released. Windows 2016, 2012R2, and 2008R2 have been fully certified, and no other issues have been found to date.
For Linux platforms we are testing patches as they are released. To date all platforms have been successfully tested. Only Amazon Linux requires a driver update. See: https://support.symantec.com/en_US/article.TECH248572.html
This means that with the default ruleset enabled in DCS for Linux, the servers are protected against exploits that could use Meltdown and Spectre vulnerabilities?
Good to know. Thanks.