A set of chipset design flaws that affect a large number of computer processors has been discovered. AhnLab has applied the relevant signatures to V3, its anti-virus software, to protect our customers. Also, AhnLab is closely monitoring the situation to help protect against any potential chipset vulnerabilities and variants.
- Design flaws in chipsets known as Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) have been discovered.
- Exploitation of these vulnerabilities could allow an attacker to perform a side-channel attack and obtain access to sensitive information in the cache memory.
- Most Intel CPUs released since 1995 could be affected by this Meltdown vulnerability (CVE-2017-5754).
- No reports indicate any security breaches by these vulnerabilities have occurred so far.
- It is, however, recommended that precautions be taken: the best protection is to keep your systems up to date.
- Microsoft has released relevant security patches through a Windows Update.
- Many hardware and software vendors have or will release relevant security patches.
- AhnLab has applied the relevant signatures to its V3 anti-virus software.
2. Affected AhnLab Products and Status
(1) Security Appliance – TrusGuard, EMS and MDS
- TrusGuard, EMS and MDS use Intel CPUs and Linux Kernel, which are related to the recent vulnerability.
- However, AhnLab’s security appliances are designed to be “closed,” not allowing random program or malicious codes to run; thus, they are not affected by these vulnerabilities.
(2) Security Software including V3 and Agent Programs
- AhnLab’s security software is not directly affected by these vulnerabilities; there have been no reports that suggest any issues in performance or function as of this date.
- AhnLab has applied an emergency patch for its V3 products on January 8 as recommended by Microsoft, which helps to apply Microsoft’s security patch released on January 3.
- Our tests show that Microsoft’s security patch does not affect the operation of our security software and agent programs.
3. AhnLab’s Response
- AhnLab has applied an additional patch to its V3 product on January 9, as recommended by Microsoft’s antivirus patch guide.
- In regard to security appliances such as TrusGuard, EMS and MDS, AhnLab is constantly monitoring hardware and software vendors for the most recent information in order to be able to respond as quickly as possible if needed.
- AhnLab is conducting additional tests to check for any impact on our products.
- Any additional information will be constantly updated.
- Currently, AhnLab is monitoring the situation closely to protect against possible threats and constantly update any additional information.
4. Security Advisories
- Update V3 and other AhnLab’s products to the latest version.
- Apply the latest patches released by your OS vendors including Windows, Linux and Mac.
- Apply the latest patches released by your software vendors including web browsers and Java.
In order to protect our customers from any potential damages, AhnLab will closely monitor the situation and address any corresponding issues that may arise.
Should you have any questions, please contact the AhnLab Global TAC Team (firstname.lastname@example.org).