SECURITY BULLETIN: Trend Micro Appliances (including Virtual) and CPU Speculative Execution Issue (aka Meltdown and Spectre)

Updated: 24 Aug 2018

Product/Version:
    • Deep Discovery Analyzer 6.All
    • Deep Discovery Email Inspector 3.All
    • Deep Discovery Inspector 5.All
    • Deep Security 11.All
    • InterScan Messaging Security Virtual Appliance 9.All
    • InterScan Web Security Virtual Appliance All.All
    • Network VirusWall Enforcer 1500i All.All
    • Network VirusWall Enforcer 3500i All.All
    • Network VirusWall Enforcer 3600i All.All
    • SafeSync for Enterprise 3.All
    • Smart Protection Server 3.All

Platform:
    • Appliance All
    • Bare Metal N/A
    • Virtual Appliance 4.1

Summary

This article contains information on how Trend Micro appliances (including virtual appliances) may be affected by the earlier disclosed CPU Speculative Execution issue: CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, and the recently disclosed CVE-2018-3640 and CVE-2018-3639 variants – more commonly known as Meltdown and Spectre.

Please note that Meltdown and Spectre are not Trend Micro vulnerabilities, but instead exist at a hardware (CPU) layer on multiple operating systems including Microsoft Windows, Linux and Apple macOS.

This article will continue to be updated as more information and solutions become available.

 
Looking for general compatibility information for Trend Micro solutions and major vendors’ OS patches for Meltdown and Spectre? Please visit this article for more information.
Looking for information on the new L1TF variant? Please visit this article.

Details
Trend Micro is continually evaluating all of its hardware and virtual appliances to determine which may be potentially affected by the Meltdown and Spectre vulnerabilities (all variants) and the potential impact of the available resolutions. Trend Micro must primarily rely on the microcode (CPU) or operating system (OS) vendor’s patch before incorporating any fix into a Trend Micro hardware or virtual appliance. Please note that some manufacturers (e.g. Dell) are still working through hardware solutions and have given some guidance to delay patching in certain instances because of the negative performance impact some of the available patches may present.
From a risk perspective, in order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device and then attempt to exfiltrate and interpret potentially sensitive data from memory – which is not a trivial (easy) task.
Trend Micro hardware and virtual appliances are closed systems, which are intended to execute only code provided by Trend Micro. Because these systems are closed, the attack surface is considerably reduced.
A different attack scenario involves exploitation of these vulnerabilities on a host OS or virtualization software/hardware. To mitigate this scenario, administrators must apply vendor-provided patches for the host OS and virtualization software/hardware.
The recently announced variants (v3a and v4) of these vulnerabilities, while exposing different potential exploitation methods, still seek to exploit the same underlying microcode flaw. The general guidance and risk factors for the earlier variants still apply.
Currently, Trend Micro is not aware of any exploits or attacks in the wild that affect Trend Micro hardware and virtual appliances.
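
For the host-side scenario described above, an administrator can confirm what the host kernel itself reports after patching. The following is an added example, not part of the original bulletin or any Trend Micro tooling; it assumes a Linux virtualization host whose kernel exposes /sys/devices/system/cpu/vulnerabilities, and the function name check_host_mitigations is hypothetical.

```shell
#!/bin/sh
# Added example: report the kernel-declared mitigation status for the issues
# named in this bulletin on a Linux virtualization host.
# Assumption: the host kernel exposes the sysfs directory below.
# CVE-2018-3640 (v3a) has no sysfs entry; it is addressed by CPU microcode.
# Usage: check_host_mitigations   (no argument reads the live sysfs directory)

SYSFS_VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# check_host_mitigations [DIR]
# Prints one line per issue. Returns 1 if any issue is reported as vulnerable
# or is not reported at all, 0 otherwise.
check_host_mitigations() {
    dir=${1:-$SYSFS_VULN_DIR}
    rc=0
    for pair in \
        "CVE-2017-5753:spectre_v1" \
        "CVE-2017-5715:spectre_v2" \
        "CVE-2017-5754:meltdown" \
        "CVE-2018-3639:spec_store_bypass" \
        "L1TF:l1tf"
    do
        cve=${pair%%:*}
        file=${pair#*:}
        if [ ! -r "$dir/$file" ]; then
            # No file: this kernel predates status reporting for the issue.
            printf '%-14s %-18s UNKNOWN (not reported by this kernel)\n' "$cve" "$file"
            rc=1
            continue
        fi
        status=$(cat "$dir/$file")
        case $status in
            Vulnerable*)                  verdict=ACTION; rc=1 ;;
            *vulnerable*)                 verdict=REVIEW ;;  # e.g. "...; SMT vulnerable"
            "Not affected"*|Mitigation:*) verdict=OK ;;
            *)                            verdict=ACTION; rc=1 ;;  # unrecognised text
        esac
        printf '%-14s %-18s %-6s %s\n' "$cve" "$file" "$verdict" "$status"
    done
    return $rc
}
```

A REVIEW line means the kernel reports a mitigation that is only partial (for example with SMT enabled), so the hardware and hypervisor vendor guidance still needs to be checked.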

Updated Solutions

Where necessary and available, Trend Micro has evaluated specific vendors’ OS/kernel patches and has integrated their updates for the earlier variants of Meltdown and Spectre into the patches/versions of Trend Micro products listed below:

| Product | Minimum Updated Version* | Notes | Platform | Availability |
|---|---|---|---|---|
| Deep Discovery Analyzer | Version 6.0 (B1212) | Readme | Appliance | Available Now |
| Deep Discovery Analyzer | Version 6.1 (B1114) | Readme | Appliance | Available Now |
| Deep Discovery Email Inspector | Version 3.0 Patch 1 (B1246) | Readme | Appliance | Available Now |
| Deep Discovery Inspector | Version 5.0 HF 1590** | See Below | Appliance | Available Now |
| Deep Security Appliance | Version 11.0 | Readme | Virtual Appliance | Available Now |
| InterScan Messaging Security (Virtual Appliance) | Version 9.1 CP 1695 | Readme | Virtual Appliance | Available Now |
| InterScan Messaging Security (Virtual Appliance) | Version 9.0 HF B1666** | See Below | Virtual Appliance | Available Now |
| SafeSync for Enterprise | Version 3.2 HF B2066** | Readme | Linux (Virtual Appliance) | Available Now |
| Smart Protection Server (Standalone) | Version 3.3 B1082 | Readme | Linux (Virtual Appliance) | Available Now |

* The version listed is the minimum version or build that incorporates enhancements or patches related to this issue. However, Trend Micro strongly recommends that customers apply the latest build or patch (if available) to ensure that other critical issues and vulnerabilities are also addressed. Please visit Trend Micro’s Download Center for the latest versions and patches.

** Customers needing image or hotfix (HF) solutions listed above may contact Trend Micro technical support to obtain the solution and for more information.

 
As mentioned above, since Trend Micro hardware and virtual appliances are closed systems, the later variants of Meltdown and Spectre, as well as the new L1 Terminal Fault (L1TF) speculative execution side channel vulnerability, are considered low risk and will continue to be evaluated. If/when any additional patches become available for a particular appliance or virtual appliance, this article will be updated.

Additional Products

In addition, the following products have been analyzed and, due to the closed nature of the system and the steps needed to exploit this vulnerability, do not require a specific patch update at this time:

  • InterScan Web Security Virtual Appliance
  • Network VirusWall Enforcer

Category: Upgrade; Update
Solution Id: 1120757