Solved: Re: Meltdown and Spectre bugs

Octavian_Dragul · ‎2018-01-04

Hi Guys,

Do you know if Checkpoints are affected by Meltdown and Spectre and if so, what is the timeframe for a patch being released?

Regards,

Octavian

Ronen_Zel · ‎2018-01-04

Hi Octavian,

See sk122205 - Check Point Response to Meltdown and Spectre (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754....

Regards,
Ronen

View solution in original post

Ronen_Zel · ‎2018-01-04

Hi Octavian,

See sk122205 - Check Point Response to Meltdown and Spectre (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754....

Regards,
Ronen

Octavian_Dragul · ‎2018-01-04

Thank you Ronen. I've just seen this. It seems that someone else has posted before me.

Kind regards,

Octavian

Dave_Hoggan · ‎2018-01-04

Hi,

Our SE suggested I ask this here so apologies in advance if not the right place 🙂

I'm thinking of what can CP do to protect user networks as opposed to the gateways themselves - to whick access should be tightly restricted.

Specifically, I was thinking of the scenario where a user on the network downloads a malicious piece of code that exploits this vulnerability. Patching 500-odd PCs is a time-consuming process for a business when those devices are in active use. What plans – if any – do CP have to trap such malicious code via TEM and CPU-level emulation? That would be a strong selling point.

Thanks,

Dave

Danny · ‎2018-01-04

Dave,

this is exactly what Check Point IPS is about. Here is the protection you are looking for.

Danny

Alexey_Vershkov · ‎2018-01-05

Hello, What about code execution during traffic inspection?

PhoneBoy · ‎2018-01-05

The only potential "arbitrary" code that might be executed as part of Threat Prevention is during Threat Emulation.

This happens on Threat Emulation specific appliances in VMs.

A feature that would be needed during the exploit phase is disabled on Check Point appliances, as noted in the SK linked above.

Dave_Hoggan · ‎2018-01-05

Hi Dameon,

I think the sk article does a good job of clarifying that CP itself is not vulnerable; the questions are really about what a CP deployment can do to protect what is behind it.

Danny (above) linked to an IPS protection that appears to address part of this (via javascript), but not via arbitrary code. For clarification of your reply above, are you stating that TEM can already detect this or will be able to detect this for clients behind the gateway downloading a malicious executable? The difference between 'can' and 'will be able to' is quite a big one!

Thanks.

PhoneBoy · ‎2018-01-05

Right, IPS only gets the Javascript exploit vector.

As for Threat Emulation's role in all this, stay tuned

Subject02066 · ‎2019-06-25

Hi PhoneBoy,

Can you clarify about what feature exactly has been turned off?

I have a customer asking about how exactly are we mitigating these threats on our gateways...(he already read the sk involved)

John_Tammaro1 · ‎2018-01-05

Check SK 122205

PhoneBoy · ‎2018-01-09

See also the note from our Research blog on the topic: Detection of the Meltdown and Spectre Vulnerabilities Using CheckPoint CPU-Level Technology - Check ...

Meltdown and Spectre bugs

Blade HTTPS Inspection Behavior

Protecting against Terrorism Websites using the UK...

Inspection of outgoing SMTP traffic

is it possible to add a mailing address to sanblas...

Malware 2021 to Present Day Building a Preventativ...

Are you a member of CheckMates?