SECURITY BULLETIN: Trend Micro Appliances (including Virtual) Guidance for L1 Terminal Fault (L1TF) Vulnerability

Trend Micro is continually evaluating all of its hardware and virtual appliances to determine which may be potentially affected by this new L1TF variant and the potential impact of the available resolutions.

As noted in our appliance guidance bulletin for Meltdown and Spectre, Trend Micro’s analysis and risk assessment of the L1TF variant is the same as later variants of Meltdown and Spectre (v3a and v4) – mainly that due to the complexity of the nature of a potential attack and closed nature of Trend Micro hardware and virtual appliances, the attack surface is considerably reduced and is considered low risk.

Currently Trend Micro is not aware of any exploits or attacks, that are in the wild, which affect Trend Micro hardware and virtual appliances.

Updated Solutions

For non-appliance solutions, it is highly recommended that Trend Micro customers ensure they have the necessary critical patches from their OS and hypervisor vendors as appropriate.

One notable issue is that CVE-2018-3646 deals specifically with virtualization software and Virtual Machine Monitors (VMM). In theory, exploitation of this flaw could allow a malicious guest virtual machine (VM) to obtain data in the VMM from other guest VMs. While this type of Inter-VM scenario is out of our control – Trend Micro still highly encourages customers to ensure they have applied any necessary hypervisor patches or updates as provided by your vendor.

Where necessary and available, Trend Micro will evaluate specific vendor’s OS/kernel patches and will integrate them into updated patches or versions of the appliances.

If/when any additional patches become available for a particular appliance or virtual appliance, this article will be updated.

Reference(s)