In recent weeks, critical vulnerabilities in modern computer processors were disclosed that affect nearly every piece of computing hardware currently in use. These vulnerabilities, known as Meltdown and Spectre, could be used to allow an attacker to access sensitive information stored in the memory of programs running on your device.
Microsoft released a Windows Security Update on January 3, 2018 to address Meltdown and Spectre. However, Microsoft also “identified a compatibility issue with a small number of antivirus software products”, some of which are owned and operated by CTA members. This issue arises when antivirus applications make unsupported calls into Windows kernel memory, which may result in blue screen errors. Microsoft has asked antivirus vendors to add a registry key to their products to certify that the product works with the patch, and has noted that customers will not receive the January Microsoft software update, or subsequent updates, until the antivirus vendors make the change.
As part of our mission, CTA members are constantly working together for the greater good. To that end, CTA has compiled a set of links to our member companies regarding these vulnerabilities. These describe the actions our members are taking with respect to Meltdown and Spectre and they provide authoritative information from members describing the vulnerabilities themselves, which of their products (if any) are affected, and whether their products are compatible with the Microsoft update.
CTA members will continue to coordinate activity related to addressing these vulnerabilities, including actively searching for signs of exploitation attempts by malicious actors. We may be dealing with these vulnerabilities for quite some time, and CTA members will be working proactively to defend their customers.
Palo Alto Networks:
Author: Michael Daniel
CTA Webinar – The Cyber Threat Landscape: 2021 Was a Hell of a Ride – 2022 Isn’t Shaping Up Any Better
Join CTA and Radware as Neil, Daniel, and Pascal discuss the most [...]
Cultivating a Diverse Cybersecurity Workforce
Cyberattacks continue to increase in prevalence and impact and recent cyber incidents have brought a wake-up call that we must invest in training and hiring in the cybersecurity field. Because nearly every aspect of society depends on the digital infrastructure, cyberattacks are costly and extremely disruptive. We continue to rely on an inherently insecure internet […]
Incident Response Blog: Cyber Incidents in Ukraine
As Russian forces take military action in Ukraine, cybersecurity companies are reporting various cyber attacks targeting organizations within Ukraine, such as government agencies and critical infrastructure companies, and organizations outside of the country that provide services to Ukraine. Additionally, the U.S. [...]