Impact of Spectre and Meltdown on Endpoint Protector Deployments
Overviewβ
Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) are processor vulnerabilities that can be exploited by malicious applications running locally on affected systems. As of February 9, 2018, there have been no reported cases of these vulnerabilities being exploited in the wild.
As a Netwrix Endpoint Protector user, you may be indirectly affected by Spectre and Meltdown. The Netwrix Endpoint Protector server typically runs as a Virtual Appliance or as a Hardware Appliance.
Instructionsβ
- Netwrix Endpoint Protector Hardware Appliance: Contact Netwrix Support to apply the latest patches to the Ubuntu operating system.
- Netwrix Endpoint Protector Virtual Appliance: Patch your hypervisor (such as VMware ESXi) to address these vulnerabilities.
- Endpoints running the Netwrix Endpoint Protector Agent/Client: Follow the update procedures provided by your operating system vendor to address these vulnerabilities.
Operating systems like Ubuntu have released and continue to release patches to address these vulnerabilities. For more information on how Ubuntu is addressing Spectre and Meltdown, see:
Meltdown, Spectre and Ubuntu: What You Need to Know βΈ± Ubuntu β https://ubuntu.com/blog/meltdown-spectre-and-ubuntu-what-you-need-to-know
New Netwrix Endpoint Protector Hardware Appliances ship with the latest patches. For older appliances, please contact Netwrix Support for assistance.