[LAST UPDATED Jan 4th 2018 – 18:35 UTC]
Sophos is aware of the Kernel memory leak issues being discussed by The Register, and which are addressed in patches that were released ahead of schedule by Microsoft on 03 Jan 2018, as well as by patches to Linux, and other platforms. This article will continue to be updated when new information becomes available.
Technical specifics of the issue
Sophos is investigating a vulnerability involving a kernel memory leak known by names such as KPTI, KAISER and F**CKWIT. The information was originally published by The Register. Additionally new research published on 03 Jan 2018 provides details of exploits that utilize this vulnerability, known as Meltdown and Spectre. The Sophos Naked Security blog has posted more details on this issue here.
For Microsoft products the vulnerabilities are addressed in patches that were released ahead of schedule by Microsoft on 03 Jan 2018, as well as by patches to Linux.
How does this affect Sophos customers?
On 03 Jan 2018 Microsoft released a Security Advisory (ADV180002) which includes advice on this vulnerability and links to security updates.
The Microsoft article advises you contact your Anti-Virus vendor to confirm that their software is compatible with the patch and also sets a specific registry key.
Sophos has completed testing of installing the patch and setting the registry key and can confirm no compatibility issues were seen. We will begin to automatically add the registry key to the following Sophos Endpoint/Server products starting 05 Jan 2018:
- Sophos Central Endpoints/Servers
- Sophos Enterprise Console Endpoints/Servers
- Preview subscription
- Recommended subscription
- Sophos Endpoint Standalone
- Sophos Virtual Enviroment (SVE)
- UTM Managed Endpoints
- Sophos Home
Customers wishing to apply the patch now, ahead of the Sophos update can set the registry key manually as described in the Microsoft article: ADV180002. Alternatively you can manually download and apply the patch without the registry key.
Please note that Microsoft states «you may also need to install firmware updates from your device manufacturer for increased protection. Check with your device manufacturer for relevant updates.». For more information see Microsoft article: Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities. We recommend that you test any firmware updates before deploying to your live environment.
We are also evaluating our products such as XG Firewall, UTM and other appliances, that run on Linux and Intel hardware to ensure that they are appropriately protected against this vulnerability and will update this article with further information and advice once we have it.
- Sophos Naked Security: F**CKWIT, aka KAISER, aka KPTI – Intel CPU flaw needs low-level OS patches
- Microsoft: ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
- The Register: ‘Kernel memory leaking’ Intel processor design flaw forces Linux, Windows redesign
- Project Zero: Meltdown and Spectre exploits
Feedback and contact
If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.
This is invaluable to us to ensure that we continually strive to give our customers the best information possible.