There were a set of chipset flaws that affect a large number of computer processors have been discovered. AhnLab has applied the relevant signatures to V3, its anti-virus software, to protect our customers. Also, AhnLab is currently monitoring the situation closely to help protect against chipset vulnerabilities and variants.
- There were design flaws in chipset known as Spectre(CVE-2017-5753, CVE-2017-5715) and Meltdown(CVE-2017-5754) have been found.
- Exploitation of these vulnerabilities could allow an attacker to perform a side-channel attack and obtain access to sensitive information in cache memory.
- Most Intel CPUs released since 1995 could be affected by Meltdown vulnerability (CVE-2017-5754).
2. Recommended Actions
- There has been no report that indicates any security breaches caused by these vulnerabilities so far.
- It is, however, recommended to take precautions just in case: the best protection is to keep your systems up to date.
- Microsoft has released the relevant security patches through Windows Update.
- Many hardware and software vendors have or will release the relevant security patches.
- AhnLab has applied the relevant signatures to V3 anti-virus software.
3. Affected AhnLab Products and Status
(1) Security Appliance – TrusGuard, EMS and MDS
- TrusGuard, EMS and MDS use Intel CPU and Linux Kernel, which are related to the vulnerability.
- However, AhnLab’s security appliances are designed to be “closed”, not allowing any random program or malicious code to run; thereby they are not affected by these vulnerabilities.
(2) Security Software including V3 and Agent Programs
- AhnLab’s security software is not directly affected by these vulnerabilities; there has no report that implies any issues in the performance and function so far now.
- AhnLab has released an emergency patch for V3 products on January 8 according to the recommendation of Microsoft, which helps apply Microsoft’s security patch released on January 3.
- Our tests show that Microsoft’s security patch does not affect the operation of our security software and agent programs.
4. AhnLab’s Response
- AhnLab has applied additional patch to V3 on January 9, according to Microsoft’s antivirus patch guide.
- In regard to security appliances such as TrusGuard, EMS and MDS, AhnLab is constantly checking hardware and software vendors for the most recent information in order to respond as fast as possible just in case.
- AhnLab is conducting additional tests to check for any impact on our products.
- Currently AhnLab keeps monitoring the situation closely to protect against possible threats and constantly update any additional information.
5. Security Advisories
- Update V3 and other AhnLab’s products to the latest version.
- Apply the latest patches released by your OS vendors including Windows, Linux and Mac.
- Apply the latest patches released by your software vendors including web browsers and Java.