SECURITY BULLETIN: Trend Micro Appliances (including Virtual) and CPU Speculative Execution Issue (aka Meltdown and Spectre)

- Updated:
- 24 Aug 2018
- Product/Version:
- Deep Discovery Analyzer 6.All
- Deep Discovery Email Inspector 3.All
- Deep Discovery Inspector 5.All
- Deep Security 11.All
- InterScan Messaging Security Virtual Appliance 9.All
- InterScan Web Security Virtual Appliance All.All
- Network VirusWall Enforcer 1500i All.All
- Network VirusWall Enforcer 3500i All.All
- Network VirusWall Enforcer 3600i All.All
- SafeSync for Enterprise 3.All
- Smart Protection Server 3.All
- Platform:
- Appliance All
- Bare Metal N/A
- Virtual Appliance 4.1

This article contains information on how Trend Micro appliances (including virtual appliances) may be affected by the earlier disclosed CPU Speculative Executive issue: CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, and the recently disclosed CVE-2018-3640 and CVE-2018-3639 variants – more commonly known as Meltdown and Spectre.

Please note that Meltdown and Spectre are not Trend Micro vulnerabilities, but instead exist at a hardware (CPU) layer on multiple operating systems including Microsoft Windows, Linux and Apple macOS.

This article will continue to be updated as more information and solutions become available.

Looking for general compatibility information for Trend Micro solutions and major vendors’ OS patches for Meltdown and Spectre? Please visit this article for more information.

Or information on the new L1TF variant? Please visit this article.

Trend Micro is continually evaluating all of its hardware and virtual appliances to determine which may be potentially affected by the Meltdown and Spectre vulnerabilities (all variants) and the potential impact of the available resolutions. Trend Micro must primarily rely on the microcode (CPU) or operating systems (OS) vendor’s patch before incorporating any fix into a Trend Micro hardware or virtual appliance. Please note that some manufacturers (e.g. Dell) are still working through hardware solutions and have given some guidance to delay patching in certain instances because of the negative performance impact some of the available patches may present.

From a risk perspective, in order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device and then attempt to exfiltrate and interpret potentially sensitive data from memory – which is not a trivial (easy) task.

Trend Micro hardware and virtual appliances are closed systems, which are intended to execute only code provided by Trend Micro. Because these systems are closed the attack surface is considerably reduced.

A different attack scenario involves exploitation of these vulnerabilities on a host OS or virtualization software/hardware. To mitigate this scenario administrators must apply vendor provided patches for the host OS and virtualization software/hardware.

The recently announced variants (v3a and v4) of these vulnerabilities, while exposing different potential exploitation methods, still seek to exploit the same underlying microcode flaw. The general guidance and risk factors for the earlier variants still apply.

Currently Trend Micro is not aware of any exploits or attacks, that are in the wild, which affect Trend Micro hardware and virtual appliances.

Updated Solutions

Where necessary and available, Trend Micro has evaluated specific vendor’s OS/kernel patches and has integrated their updates for the earlier variants of Meltdown and Spectre into the following patches/versions of Trend Micro products listed below:

Product	Minimum Updated Version*	Notes	Platform	Availability
Deep Discovery Analyzer	Version 6.0 (B1212)	Readme	Appliance	Available Now
Deep Discovery Analyzer	Version 6.1 (B1114)	Readme	Appliance	Available Now
Deep Discovery Email Inspector	Version 3.0 Patch 1 (B1246)	Readme	Appliance	Available Now
Deep Discovery Inspector	Version 5.0 HF 1590**	See Below	Appliance	Available Now
Deep Security Appliance	Version 11.0	Readme	Virtual Appliance	Available Now
InterScan Messaging Security (Virtual Appliance)	Version 9.1 CP 1695	Readme	Virtual Appliance	Available Now
InterScan Messaging Security (Virtual Appliance)	Version 9.0 HF B1666**	See Below	Virtual Appliance	Available Now
SafeSync for Enterprise	Version 3.2 HF B2066**	Readme	Linux (Virtual Appliance)	Available Now
Smart Protection Server (Standalone)	Version 3.3 B1082	Readme	Linux (Virtual Appliance)	Available Now

* The version listed is the minimum version or build that incorporates enhancements or patches related to this issue. However, Trend Micro strongly recommends that customers apply the latest build or patch (if available) to ensure that other critical issues and vulnerabilities are also addressed. Please visit Trend Micro’s Download Center for the latest versions and patches.

** Customers needing image or hotfix (HF) solutions listed above may contact Trend Micro technical support to obtain the solution and for more information.

As mentioned above, since Trend Micro hardware and virtual appliances are closed systems, the later variants of Meltdown and Spectre, as well as the new L1 Terminal Fault (L1TF) speculative execution side channel vulnerability are considered low risk and will continued to be evaluated. If/when any additional patches become available for a particular appliance or virtual appliance, this article will be updated.

Additional Products

In addition, the following products have been analyzed and due to the closed nature of the system and the steps needed to exploit this vulnerability, do not require a specific patch update at this time:

InterScan Web Security Virtual Appliance
Network VirusWall Enforcer

Need More Help?

SECURITY BULLETIN: Trend Micro Appliances (including Virtual) and CPU Speculative Execution Issue (aka Meltdown and Spectre)