Steps to Apply Microsoft Patch to Addressed Meltdown and Spectre Vulnerability on Traps Agents

Printer Friendly Page
  1. Coverage for the Meltdown and Spectre vulnerabilities: Traps anti-exploitation mechanisms will not protect against exploiting of these vulnerabilities. The disclosed vulnerabilities are memory read vulnerabilities. They do not cause code execution. For an attacker to use these vulnerabilities, there likely would have been an initial attack phase that Traps may be able to prevent (e.g. a malicious EXE attempts to exploit the vulnerabilities).

    For more information on Microsoft’s updates, please see Microsoft Security Advisory ADV180002 Guidance to mitigate speculative execution side-channel vulner...

    Note that these vulnerabilities are memory read vulnerabilities; they do not cause code execution. For an attacker to use these vulnerabilities in an attack, they would have to have already executed a successful initial attack that Traps may be able to prevent (e.g. a malicious EXE attempts to exploit the vulnerabilities).


  2. Compatibility: All the currently supported product lines (3.4, 4.0, and 4.1) were tested running on all the supported Operating System versions and certified to be compatible with the Microsoft Security updates. Note that the tests were performed on both physical and virtual machines.

    Find more information around Supported Operating Systems and Platforms on our Compatibility Matrix.
    https://www.paloaltonetworks.com/documentation/global/compatibility-matrix/traps/where-can-i-install...

    Microsoft patch
    : Traps is compatible with the patches Microsoft released to fix CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 vulnerabilities.
     

    Apple patch: Traps is compatible with macOS High Sierra 10.13.2 Supplemental Update including security improvements to Safari and WebKit to mitigate the effects of CVE-2017-5753 and CVE-2017-5715.

  3. Installing the Patch: Traps  4.0.5-h1, Traps 4.1.2-h1, and later automatically set the registry key Microsoft requires to be present for their security updates to install successfully.

    For more information on this registry key, please see Microsoft Knowledge Base Article 4072699.

 

Customers requiring assistance with the upgrade, or assistance with older versions can reach out to the Palo Alto Networks Support team. Find the Support contact for your region at https://www.paloaltonetworks.com/company/contact-support

 

Change Log

 

Friday, Jan. 12, 2018

  • Post updated to include the note at the bottom of the article regarding a forthcoming update.

Tuesday, Jan. 23, 2018

  • Updated with information about the new releases that allow Windows to install the patches automatically.

Friday, Jan. 26, 2018

  • Updated to clarify information around the Microsoft Windows registry key.
Comments

I noticed that the article has been edited.

"by JacqTo yesterday - edited 12m ago by pcortese"

Please, on items like this, add comments so we know what you are changing, in case we are already moving forward with old data that has been removed or revised.

I'm confused on two points,

 

1. Are we required to manually Unregister Traps from Microsoft Security Center in order to patch? 

 

As per Microsoft, "Microsoft is only offering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update." ... 

 

2. Has Traps been verified with Microsoft as being compatible?

There is no confusion.

Traps is compatible to the patch, paloalto tested it. But Microsoft does not allow to update if a AV is installed in general for this patch. At the moment they do not distinguish between the AV vendors. Perhaps paloalto can set the compatibility flag in future. Or MS would set if they have the information from the AV vendors.

 

i hope this helped

Fabio

Check out this list for AV vendor compatibility...

 

hxxp://myitforum.com/myitforumwp/2018/01/09/the-master-list-of-antivirus-compatibility-with-microsofts-meltdownspectre-patches/

 

Heath

Please tell us there is an upcoming traps update/policy/etc that will set this compatibility flag. Some of our devices we don't have registry control over.

why does Palo not set the compat flag?  We are told to get rid of our AV and traps is fine as a standalone AV product.  It even shows up in MSC now.  

 

So act like a real AV vendor and set the flag if your software is compatible..

Ask Questions Get Answers Join the Live Community
Version history
Revision #:
16 of 16
Last update:
‎01-26-2018 11:41 PM
Updated by: