Is Advanced Threat Protection (ATP) Platform or Symantec Endpoint Detection and Response (SEDR) vulnerable to Meltdown or Spectre?

book

Article ID: 170741

calendar_today

Updated On:

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

You wonder if ATP Platform or SEDR is vulnerable to either Meltdown (CVE-2017-5754) or Spectre(CVE-2017-5753 or CVE-2017-5715).

Resolution

  1. These issues are present in Dell hardware hosts and in VMWare environments based on vulnerable processors.
     
  2. Within the operating system of ATP software, these three issues are not exploitable. To exploit these flaws, an attacker must locally compromise the system and execute malicious code. Advanced Threat Protection is delivered to market with security hardening which prevents execution of non-Symantec code.
     
  3. In a VMWare environment the issue is exploitable from other virtual guests. While an attack could not be launched from ATP Virtual Edition, an attacking guest on the same virtual host as ATP Virtual Edition could read the memory space of ATP Platform. To fully protect against this possibility, please patch the physical host stack, VMWare host operating system, and the operating system of each guest.
     
  4. ATP Platform v3.0.5 includes OS patches for these two issues. The OS patches solves #1, #2, and the guest part of the solution for #3.  
     
  5. Dell may issue firmware/microcode patches of their own.  Check support.dell.com for the Dell hardware model in use.

 

For steps to check BIOS or Firmware versions of ATP Platform or SEDR, please see the following KB article:

 

Symantec is not responsible for content published on the websites of other companies. The following links are provided as reference for the convenience of our ATP customers.