ESET Customer Advisory 2018-0001

January 4, 2018

Severity: Critical

Summary

ESET has recently learned about vulnerabilities called Spectre and Meltdown that affect almost all Intel, AMD and ARM processors. ESET is one of the few third-party security solutions already compatible with Microsoft’s emergency patches (released January 3rd, 2018) that fix these vulnerabilities.

Solution

On January 4, 2018, at 7:45 AM CET, ESET released Antivirus and antispyware scanner module 1533.3 for all consumer and business users. This update marks the system as compatible to download important security patches for Microsoft Windows. At the time of writing, ESET is one of only three AV vendors to support the patches, with others set to receive the updates starting tomorrow.

Why it's important to use a Microsoft-compatible solution such as ESET

While testing the patch on Windows operating systems, Microsoft determined that some third-party vendors experienced issues with the patch related to internal changes in the Windows kernel that could result in stop errors (also known as BSODs).

These calls may cause stop errors that make the device unable to boot. To help prevent stop errors caused by incompatible antivirus applications, Microsoft is only offering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update.

Details

The Spectre and Meltdown vulnerabilities, published on January 3, 2018, are byproducts of optimization techniques designed to increase the performance of modern processors.

These techniques are called "out-of-order" and "speculative" execution. They allow the processor to make better use of time it would have to spend waiting unnecessarily before executing the next instruction to pre-compute further results which may or may not be used in the execution flow.

These pre-computed results, if not used, are discarded – but, as researchers have shown, there are side-effects left by such precomputation which are not disposed of thoroughly enough and can sometimes be leaked to the potential attacker.

As stated by researchers, there are theoretical ways that antivirus software could detect the problem. However, detection would have a negative impact on device performance, and significantly influence user experience; it would be a less effective approach than prevention. Therefore, we recommend that users take the following steps:

• Keep track of any related patches for their systems and apply them as soon as possible
   
• Keep all other software updated, including web browsers
   
• Be on the lookout for phishing emails which are still the number one way for hackers to get a foothold on your computer

Feedback & Support

More information on these vulnerabilities is available in the following ESET publications:

• ESET Alert 6644: Spectre and Meltdown vulnerabilities discovered
   
• ESET Corporate blog post: Meltdown & Spectre: How to protect yourself from these CPU security flaws
   
• WeLiveSecurity blog posts
  • Meltdown and Spectre CPU Vulnerabilities: What You Need to Know
  • MADIoT – The nightmare after XMAS (and Meltdown, and Spectre)

If you have feedback or questions about this issue, please contact us using the ESET Security Forum, or via local ESET Support.

Version log

Version 1.3 (January 4, 2018): This is the fourth revision of this document