Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 5 subscribers
  • Views 7373 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos compatibility for MS KB405689X patches to address Meltdown vulnerability (and others)

G Mick

I have read through articles https://community.sophos.com/kb/en-us/128053 and https://community.sophos.com/kb/en-us/128060 but I'm still not clear on which version of Endpoint is compatible with the MS KB405689X Meltdown patches...

Our clients currently have Endpoint Security and Control version 10.7

Sophos Anti-Virus 10.7.2.49
On-access status Enabled
Detection engine 3.69.2
Detection data 5.46
Virus data date 28/11/2017

Also:

Sophos AutoUpdate 5.7.533
Last checked for updates 08/01/2018 15:56:43
Update status Success

Our definitions do include the necessary IDE files:

zbot-lvw.ide
netwi-md.ide
age-axyx.ide
pdfu-dwf.ide

I noticed we don't yet have the required registry entry "HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD”
Data="0x00000000”

... so I have manually added this to the registry of a test Win7 machine which then allowed deployment of patches KB4056894 and KB4056897

The machine doesn't appear to have any issues, but before rolling the reg value out to the estate in order to deploy the MS patches, is anybody able to confirm officially that the Sophos client version (shown above) is actually compatible with these MS patches?

Thanks



This thread was automatically locked due to age.
Parents
  • +1

    Hi,

    To clarify ALL Sophos product versions are compatible with the Microsoft patch, we do not have any reported issues at all. The update to our software is purely to automatically add the registry key requested by Microsoft to confirm our compatibility.

    I just added the below comment to a similar forum post:

     

    Please note this is not a Sophos patch or anything that adds protection for these exploits. All our update does is adds the registry key that Microsoft have asked AV vendors to add once they confirm that are compatible with their patch. Sophos confirmed all our products were compatible with the patch Thursday 4th last week, at which point you could set the registry key yourself and deploy it to all your endpoints via a GPO for example.

    Further to this the Microsoft patch is just the first step to protect your systems against these vulnerabilities, for servers there are 3 additional registry keys that need to be set according to Microsoft and these are not being set by AV vendors. There will also be firmware upgrades for the different Intel/AMD/ARM chips involved (most not released yet). 

    For everyone reading this post, the Meltdown and Spectre exploits are not a simple patch and forget situation, resolving these will require multiple patches/upgrades from Microsoft/Apple/Linux as well and the firmware upgrades from Intel/AMD/ARM and others. Please ensure you are reading all the advice carefully. Sophos has published 3 articles on this:

    Main article: Advisory: Kernel memory issue affecting multiple OS (aka F**CKWIT, KAISER, KPTI, Meltdown & Spectre)

    Checking our update: Kernel memory issue affecting multiple OS: How to confirm you have the Sophos update

    Naked Security blog (technical details): F**CKWIT, aka KAISER, aka KPTI – Intel CPU flaw needs low-level OS patches

  • 0 in reply to PeterM

    Many thanks Peter. This was just what I was looking for.

Reply Children
No Data
Unfiltered HTML