Endpoint Protection

  • 1.  Is a SEP detection signature available for Spectre and Meltdown

    Posted Jan 08, 2018 10:24 PM

    Hi,

    I found a SYMC/SEP signature for Spectre (CVE-2017-5753), ref: https://www.symantec.com/security_response/writeup.jsp?docid=2018-010508-3826-99

    But not for Spectre (CVE-2017-5715).

    Is there any detection signature for Spectre (CVE-2017-5715)?

    As for Meltdown, I don't see any signature(s). Is there any plan to craft this signature?



  • 2.  RE: Is a SEP detection signature available for Spectre and Meltdown

    Posted Jan 09, 2018 06:06 AM

    That's the only detection. Best defense is to patch it.

    Here is their blog on it:

    https://www.symantec.com/blogs/threat-intelligence/meltdown-spectre-cpu-bugs



  • 3.  RE: Is a SEP detection signature available for Spectre and Meltdown

    Trusted Advisor
    Posted Jan 10, 2018 07:17 AM

    Hello,

    Symantec has released the following detection for attempts to exploit the Multiple CPU Hardwares Information Disclosure Vulnerability (CVE-2017-5753/Spectre):

    Exp.CVE-2017-5753

    https://www.symantec.com/security_response/writeup.jsp?docid=2018-010508-3826-99

    However, Spectre (CVE-2017-5753 and CVE-2017-5715) has a similar outcome but works in a slightly different way, and exploits a flaw in processor design to trick an application into leaking information stored in memory. According to the team who discovered Spectre, virtually all modern processors are affected by the vulnerability, including Intel, AMD, and ARM chips. Once again, the vulnerability is operating system agnostic. Spectre is reportedly more difficult to patch but also more difficult to exploit. Work is underway to harden software against any potential exploits.