Friday, January 26, 2018

microsoft corrections; Enterprise Cyber Security Solutions | Trend Micro

There are a few important pieces to note for Trend Micro customers:
  • These are not vulnerabilities in Trend Micro products.
  • Microsoft began issuing out-of-band security patches starting on January 3, 2018 for Windows platforms, and is requiring its customers to check compatibility with anti-malware products before installing this patch.
  • Trend Micro's endpoint and security products listed below are compatible with Microsoft's January 2018 security patches.
  • However, these new Microsoft security patches require a special registry key that must be set for ALL customers who utilize Microsoft's automatic Windows Updates in order to even receive the update. This key is NOT required for customers who manually apply the update.
  • We are providing a few alternative approaches for customers to deploy these registry keys.
  • It is highly recommended that customers test any patch or solution mentioned in a non-production environment first before a wider deployment.
  • At this time, there are no known in-the-wild exploits of either the Meltdown or Spectre vulnerabilities; however, there is a POC remote exploit for Spectre.  Trend Micro has released some out-of-band protection updates for this.
Please read further for more information.

 
DETAILS
On January 3, 2018, Microsoft began to release its monthly Security Bulletin early for some platforms due to newly revealed CPU security flaws - commonly referred to as "Meltdown" and "Spectre". Microsoft's January 2018 patches implement new requirements (KB4072699) to target the delivery of the patches and to ensure that security and anti-malware software is compatible.
Microsoft has requested that security vendors verify product compatibility with this new patch, and Trend Micro commercial endpoint and server security products - including Trend Micro OfficeScan, Worry-Free Business Security, and Deep Security - are affected by these new Microsoft requirements. Our compatibility testing is underway and the latest information can be found below.
If the Trend Micro products you are using are listed as compatible, customers running these products will require a new Microsoft Windows registry key to allow the Windows Update to occur automatically.
Microsoft is not providing a tool for customers to deploy this registry key, therefore Trend Micro is offering several options, including instructions below, to ensure customers are able to receive the January Microsoft patches as quickly as possible in conjunction with Trend Micro security software deployment:
  1. Customer administrators may manually create and/or deploy the specific registry key (ALLOW REGKEY) to clients to unblock the deployments.
  2. Customers may download the update packages directly from the Windows Update catalog if they are not offered the update through Windows Update.
  3. Customers with the Trend Micro solutions listed below may apply a specific patch for their product that will enable the ALLOW REGKEY needed to be offered the patches from Windows Update.

Compatibility Testing

As part of our regular process, Trend Micro's product development team conducts pre-release compatibility testing with Microsoft security releases to try to prevent major issues. Due to the early emergency deployment of Microsoft's patch beginning on January 3, Trend Micro's complete compatibility testing has not been finalized. However, Trend Micro has completed testing on the endpoint and server security products listed below and will continue to update this article as necessary.
 
Clarification Point: the following table lists products that have been fully tested with Microsoft's January 2018 Security Update. However, please note that ALL Windows machines that rely on Windows Update (including SCCM) to automatically download and deploy security patches from Microsoft will need to have the ALLOW KEY registry setting in order to obtain the update from Windows Update.
| Product | Tested Version(s) | Platform |
|---|---|---|
| OfficeScan | 11.0 and above | Windows |
| Worry-Free Business Security Standard/Advanced | 9.0 and above | Windows |
| Worry-Free Business Security Services | 6.2 and above | Windows |
| ServerProtect for Storage | 6.0 | Windows |
| ServerProtect for Microsoft Windows (SPNT) | 5.8 | Windows |
| ServerProtect for EMC Celerra (SPEMC) | 5.8 | Windows/EMC |
| ServerProtect for Network Appliance Filers (SPNAF) | 5.8 | Windows/NAF |
| Deep Security (Agent and Virtual Appliance) | 9.0, 9.5, 9.6, 10.0 and above | Windows |
| Trend Micro Vulnerability Protection | 2.0 | Windows |
| Trend Micro Endpoint Sensor | 1.6 | Windows |
| Trend Micro ScanMail for Exchange | 12.0, 12.5* | Windows |
* Please note that even though Trend Micro ScanMail for Exchange is a messaging security product, Trend Micro did find some initial incompatibility with the January 3rd patches after testing. Microsoft identified the issue on their end and has released some updates to resolve this. Please see Trend Micro KB article 1119222 for more information.
Customers who wish to obtain the Microsoft patches as quickly as possible for internal testing or deployment purposes may implement one of the following options outlined below.

Manual Creation of ALLOW REGKEY

If you have Active Directory (AD), the simplest approach is to use Group Policy Objects (GPOs) to push the new registry key. Here's how:
The ALLOW REGKEY registry key may be created using the following:
RegKey="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
Data="0x00000000"
  • This method may be needed for clients who do not have active security software deployed or cannot apply a product-specific patch.
  • If the ALLOW REGKEY is created after initially not being offered the January 2018 update, the update will be offered the next time the client checks for Windows Updates.
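
One way to audit and set the ALLOW REGKEY on a single machine, as an added PowerShell example (not code from Trend Micro or Microsoft). The function names Test-AllowRegKey and Set-AllowRegKey are hypothetical; the key path, value name, type and data are the ones listed above.

```powershell
# Added example: audit and optionally set the ALLOW REGKEY from this article.
# Run from an elevated 64-bit PowerShell session; a 32-bit host on 64-bit
# Windows is redirected to WOW6432Node and would read or write the wrong key.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$ValueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Test-AllowRegKey {
    # Returns 'Present', 'Missing' or 'Mismatch' for the local machine.
    if (-not (Test-Path -LiteralPath $KeyPath)) { return 'Missing' }
    $key = Get-Item -LiteralPath $KeyPath
    if ($key.GetValueNames() -notcontains $ValueName) { return 'Missing' }
    $kind = $key.GetValueKind($ValueName)
    $data = $key.GetValue($ValueName)
    if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $data -eq 0) {
        return 'Present'
    }
    return 'Mismatch'   # value exists but is not REG_DWORD 0x00000000
}

function Set-AllowRegKey {
    # Hypothetical helper: creates the key and value only when needed.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ((Test-AllowRegKey) -eq 'Present') { return }
    if ($PSCmdlet.ShouldProcess($KeyPath, "Set $ValueName = 0 (REG_DWORD)")) {
        if (-not (Test-Path -LiteralPath $KeyPath)) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
        New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
            -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

# Report the current state, then preview the change without writing anything.
# Drop -WhatIf only after confirming the installed security product is on the
# compatibility list above.
Test-AllowRegKey
Set-AllowRegKey -WhatIf
```

A 'Mismatch' result means the value exists with the wrong type or data, which also leaves the machine without the update offer until it is corrected.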
 
If you are not running Active Directory, you may either apply one of the Trend Micro product-specific patches below or manually deploy the Windows Update in your organization.

Trend Micro Specific Patches

Trend Micro has released the following patches and is currently finalizing others which enable the ALLOW REGKEY through the product for affected clients.
 
Please note, the Trend Micro patches below ONLY enable the products to push the ALLOW REGKEY setting. The actual security patch must still be obtained and installed from Microsoft. These patches do NOT resolve the actual Spectre or Meltdown vulnerabilities.
| Product | Updated version | Notes | Platform | Availability |
|---|---|---|---|---|
| OfficeScan | XG (all versions including SP1) - CP 1825-4430 | Readme | Windows | Now Available |
| OfficeScan | 11.0 SP1 - CP 6496 | Readme | Windows | Now Available |
| Deep Security | Deep Security Agent 10.0.0-2649 for Windows (U6) | Readme | Windows | Now Available |
| Deep Security | Deep Security Agent 9.6.2-8288 for Windows | Readme | Windows | Now Available |
| Deep Security | Deep Security Agent 9.5.3-7845 for Windows | Readme | Windows | Now Available |
| Worry-Free Business Security | 9.5 CP 1447 | Readme | Windows | Now Available |
Note that Microsoft's original disclosure date was scheduled for January 9th, but due to the early release some of our information is incomplete. This article will be updated as additional compatibility information becomes available.
 
Additionally, note that per Microsoft, even clients that do not have active anti-malware or security software installed may still be required to apply the specific registry key before the security patches can be obtained from Windows Update.

Non-Microsoft Solution Compatibility

As Microsoft products are not the only ones affected by Meltdown and Spectre, Trend Micro has information on other solutions and platforms such as Apple macOS and Linux. Below are some links to specific information on compatibility of Trend Micro products with non-Microsoft operating systems:

Trend Micro Protection

As of now, there are no known in-the-wild exploits of the Spectre and Meltdown vulnerabilities. However, some proof-of-concept (POC) exploits have been shared in the community which highlight some theoretical remote attacks using Spectre. Trend Micro has proactively released the following out-of-band updates:
  • Trend Micro TippingPoint - Digital Vaccine #DV9051
  • Trend Micro Deep Security & Vulnerability Protection - DSRU18-003

Category: Update
Solution Id: 1119183