ESET Customer Advisory 2018-0001
January 4, 2018
ESET has recently learned about vulnerabilities called Spectre and Meltdown that affect almost all Intel, AMD and ARM processors. ESET is one of the few third-party security solutions already compatible with Microsoft’s emergency patches (released January 3rd, 2018) that fix these vulnerabilities.
On January 4, 2018, at 7:45 AM CET, ESET released Antivirus and antispyware scanner module 1533.3 for all consumer and business users. This update marks the system as compatible to download important security patches for Microsoft Windows. At the time of writing, ESET is one of only three AV vendors to support the patches, with others set to receive the updates starting tomorrow.
While testing the patch on Windows operating systems, Microsoft determined that some third-party vendors experienced issues with the patch related to internal changes in the Windows kernel that could result in stop errors (also known as BSODs).
These calls may cause stop errors that make the device unable to boot. To help prevent stop errors caused by incompatible antivirus applications, Microsoft is only offering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update.
The Spectre and Meltdown vulnerabilities, published on January 3, 2018, are byproducts of optimization techniques designed to increase the performance of modern processors.
These techniques are called "out-of-order" and "speculative" execution. They allow the processor to make better use of time it would have to spend waiting unnecessarily before executing the next instruction to pre-compute further results which may or may not be used in the execution flow.
These pre-computed results, if not used, are discarded – but, as researchers have shown, there are side-effects left by such precomputation which are not disposed of thoroughly enough and can sometimes be leaked to the potential attacker.
As stated by researchers, there are theoretical ways that antivirus software could detect the problem. However, detection would have a negative impact on device performance, and significantly influence user experience; it would be a less effective approach than prevention. Therefore, we recommend that users take the following steps:
More information on these vulnerabilities is available in the following ESET publications:
Version 1.3 (January 4, 2018): This is the fourth revision of this document