cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Meltdown and Spectre bugs

Jump to solution

Hi Guys,

Do you know if Checkpoints are affected by Meltdown and Spectre and if so, what is the timeframe for a patch being released?

Regards,

Octavian

1 Solution

Accepted Solutions
11 Replies

Re: Meltdown and Spectre bugs

Jump to solution

Thank you Ronen. I've just seen this. It seems that someone else has posted before me.

Kind regards,

Octavian

0 Kudos
Dave_Hoggan
Nickel

Re: Meltdown and Spectre bugs

Jump to solution

Hi,

Our SE suggested I ask this here so apologies in advance if not the right place 🙂

I'm thinking of what can CP do to protect user networks as opposed to the gateways themselves - to whick access should be tightly restricted.

 

Specifically, I was thinking of the scenario where a user on the network downloads a malicious piece of code that exploits this vulnerability. Patching 500-odd PCs is a time-consuming process for a business when those devices are in active use. What plans – if any – do CP have to trap such malicious code via TEM and CPU-level emulation? That would be a strong selling point.

 

Thanks,


Dave

Danny
Pearl

Re: Meltdown and Spectre bugs

Jump to solution

Dave,

this is exactly what Check Point IPS is about. Here is the protection you are looking for.

Danny

Re: Meltdown and Spectre bugs

Jump to solution

Hello, What about code execution during traffic inspection?

Admin
Admin

Re: Meltdown and Spectre bugs

Jump to solution

The only potential "arbitrary" code that might be executed as part of Threat Prevention is during Threat Emulation.

This happens on Threat Emulation specific appliances in VMs. 

A feature that would be needed during the exploit phase is disabled on Check Point appliances, as noted in the SK linked above.

Dave_Hoggan
Nickel

Re: Meltdown and Spectre bugs

Jump to solution

Hi Dameon,

I think the sk article does a good job of clarifying that CP itself is not vulnerable; the questions are really about what a CP deployment can do to protect what is behind it.

Danny (above) linked to an IPS protection that appears to address part of this (via javascript), but not via arbitrary code. For clarification of your reply above, are you stating that TEM can already detect this or will be able to detect this for clients behind the gateway downloading a malicious executable? The difference between 'can' and 'will be able to' is quite a big one! 

Thanks.

Admin
Admin

Re: Meltdown and Spectre bugs

Jump to solution

Right, IPS only gets the Javascript exploit vector.

As for Threat Emulation's role in all this, stay tuned Smiley Happy

Employee
Employee

Re: Meltdown and Spectre bugs

Jump to solution

Hi PhoneBoy, 

Can you clarify about what feature exactly has been turned off?

I have a customer asking about how exactly are we mitigating these threats on our gateways...(he already read the sk involved)

0 Kudos

Re: Meltdown and Spectre bugs

Jump to solution

Check SK 122205

0 Kudos
Admin
Admin

Re: Meltdown and Spectre bugs

Jump to solution