Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Octavian_Dragul
Participant

Meltdown and Spectre bugs

Jump to solution

Hi Guys,

Do you know if Checkpoints are affected by Meltdown and Spectre and if so, what is the timeframe for a patch being released?

Regards,

Octavian

1 Solution

Accepted Solutions
Ronen_Zel
Mod
Mod
11 Replies
Ronen_Zel
Mod
Mod
Octavian_Dragul
Participant

Thank you Ronen. I've just seen this. It seems that someone else has posted before me.

Kind regards,

Octavian

0 Kudos
Dave_Hoggan
Contributor

Hi,

Our SE suggested I ask this here so apologies in advance if not the right place 🙂

I'm thinking of what can CP do to protect user networks as opposed to the gateways themselves - to whick access should be tightly restricted.

 

Specifically, I was thinking of the scenario where a user on the network downloads a malicious piece of code that exploits this vulnerability. Patching 500-odd PCs is a time-consuming process for a business when those devices are in active use. What plans – if any – do CP have to trap such malicious code via TEM and CPU-level emulation? That would be a strong selling point.

 

Thanks,


Dave

Danny
Champion
Champion

Dave,

this is exactly what Check Point IPS is about. Here is the protection you are looking for.

Danny

Alexey_Vershkov
Explorer

Hello, What about code execution during traffic inspection?

PhoneBoy
Admin
Admin

The only potential "arbitrary" code that might be executed as part of Threat Prevention is during Threat Emulation.

This happens on Threat Emulation specific appliances in VMs. 

A feature that would be needed during the exploit phase is disabled on Check Point appliances, as noted in the SK linked above.

Dave_Hoggan
Contributor

Hi Dameon,

I think the sk article does a good job of clarifying that CP itself is not vulnerable; the questions are really about what a CP deployment can do to protect what is behind it.

Danny (above) linked to an IPS protection that appears to address part of this (via javascript), but not via arbitrary code. For clarification of your reply above, are you stating that TEM can already detect this or will be able to detect this for clients behind the gateway downloading a malicious executable? The difference between 'can' and 'will be able to' is quite a big one! 

Thanks.

PhoneBoy
Admin
Admin

Right, IPS only gets the Javascript exploit vector.

As for Threat Emulation's role in all this, stay tuned Smiley Happy

Subject02066
Employee
Employee

Hi PhoneBoy, 

Can you clarify about what feature exactly has been turned off?

I have a customer asking about how exactly are we mitigating these threats on our gateways...(he already read the sk involved)

0 Kudos
John_Tammaro1
Contributor

Check SK 122205

0 Kudos
PhoneBoy
Admin
Admin