This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cliets show againt 5.7.220 what's meen?

Hi,

it's correct that my clients show again 5.7.220 auto update version? It yes when they'll receive the update releted to #meltdown #spectre  5.7.533 (community.sophos.com/.../128060)

My subscription is Recommended.

Thanks 

Marco



This thread was automatically locked due to age.
Parents Reply Children
  • Hi,

    The groups used for this update are not a permanent setup, just part of this roll out. Please note this is not a Sophos patch or anything that adds protection for these exploits. All our update does is adds the registry key that Microsoft have asked AV vendors to add once they confirm that are compatible with their patch. Sophos confirmed all our products were compatible with the patch Thursday 4th last week, at which point you could set the registry key yourself and deploy it to all your endpoints via a GPO for example.

    Further to this the Microsoft patch is just the first step to protect your systems against these vulnerabilities, for servers there are 3 additional registry keys that need to be set according to Microsoft and these are not being set by AV vendors. There will also be firmware upgrades for the different Intel/AMD/ARM chips involved (most not released yet). 

    For everyone reading this post, the Meltdown and Spectre exploits are not a simple patch and forget situation, resolving these will require multiple patches/upgrades from Microsoft/Apple/Linux as well and the firmware upgrades from Intel/AMD/ARM and others. Please ensure you are reading all the advice carefully. Sophos has published 3 articles on this:

    Main article: Advisory: Kernel memory issue affecting multiple OS (aka F**CKWIT, KAISER, KPTI, Meltdown & Spectre)

    Checking our update: Kernel memory issue affecting multiple OS: How to confirm you have the Sophos update

    Naked Security blog (technical details): F**CKWIT, aka KAISER, aka KPTI – Intel CPU flaw needs low-level OS patches