Cylance Not Impacted by Meltdown or Spectre Vulnerabilities

Chip manufacturers have acknowledged a set of vulnerabilities (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754) that are exploitable at the hardware architecture level, leaving multiple operating systems impacted, including Microsoft Windows, Apple macOS, and various Linux distributions.

Cylance customers:

  • Microsoft issued a patch out-of-band before vendors were given time to respond with testing and updates.
  • Initial tests show no impact to CylancePROTECT® or CylanceOPTICS™ from a compatibility perspective.
  • The registry key will only be required if customers wish to utilize Windows automatic updates. If manually applying the update, the registry key is not required. We are currently in the process of a full-spectrum of QA testing and will follow with full instructions on updating this.
  • We recommend that customers test this update in non-production systems first.

At this time, it has been confirmed by the Cylance Threat Guidance team that there are no malware kits taking advantage of these vulnerabilities with rogue executables that Cylance would prevent. We will continue monitoring, and if weaponized exploits begin to appear, we will update this article with our protection status.

Meltdown and Spectre are critical hardware-based vulnerabilities in modern processors. These vulnerabilities could allow an attacker to steal information stored in the memory of a wide range of computer chips running on personal devices — not just computers and phones, but also the servers in data centers, including those used to run cloud computing services.

These widespread vulnerabilities could allow an attacker to steal information stored in the memory of the chip itself, including things such as passwords and cached files. It could also pave the way for attackers to weaken other security features.

Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use (Read more...)

This is a Security Bloggers Network syndicated blog post authored by The Cylance Team. Read the original post at: Cylance Blog