Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Meltdown and Spectre bugs

Jump to solution

Hi Guys,

Do you know if Checkpoints are affected by Meltdown and Spectre and if so, what is the timeframe for a patch being released?

Regards,

Octavian

1 Solution
11 Replies
Highlighted

Thank you Ronen. I've just seen this. It seems that someone else has posted before me.

Kind regards,

Octavian

0 Kudos
Highlighted
Nickel

Hi,

Our SE suggested I ask this here so apologies in advance if not the right place 🙂

I'm thinking of what can CP do to protect user networks as opposed to the gateways themselves - to whick access should be tightly restricted.

 

Specifically, I was thinking of the scenario where a user on the network downloads a malicious piece of code that exploits this vulnerability. Patching 500-odd PCs is a time-consuming process for a business when those devices are in active use. What plans – if any – do CP have to trap such malicious code via TEM and CPU-level emulation? That would be a strong selling point.

 

Thanks,


Dave

Highlighted
Pearl

Dave,

this is exactly what Check Point IPS is about. Here is the protection you are looking for.

Danny

Highlighted

Hello, What about code execution during traffic inspection?

Highlighted
Admin
Admin

The only potential "arbitrary" code that might be executed as part of Threat Prevention is during Threat Emulation.

This happens on Threat Emulation specific appliances in VMs. 

A feature that would be needed during the exploit phase is disabled on Check Point appliances, as noted in the SK linked above.

Highlighted
Nickel

Hi Dameon,

I think the sk article does a good job of clarifying that CP itself is not vulnerable; the questions are really about what a CP deployment can do to protect what is behind it.

Danny (above) linked to an IPS protection that appears to address part of this (via javascript), but not via arbitrary code. For clarification of your reply above, are you stating that TEM can already detect this or will be able to detect this for clients behind the gateway downloading a malicious executable? The difference between 'can' and 'will be able to' is quite a big one! 

Thanks.

Highlighted
Admin
Admin

Right, IPS only gets the Javascript exploit vector.

As for Threat Emulation's role in all this, stay tuned Smiley Happy

Highlighted
Employee
Employee

Hi PhoneBoy, 

Can you clarify about what feature exactly has been turned off?

I have a customer asking about how exactly are we mitigating these threats on our gateways...(he already read the sk involved)

0 Kudos
Highlighted

Check SK 122205

0 Kudos
Highlighted
Admin
Admin