Security Update for All Sophos Customers
Sophos wants to make you aware of the memory isolation issues affecting Intel, AMD, and ARM processors and what actions you can take now. The flaw enables attack code to read anything in memory, which could lead to data or credential theft. The vulnerability is known by names such as Meltdown, Spectre, KPTI, KAISER and F**CKWIT. Patches were released by Microsoft, Linux, and other platforms on Jan 3, 2018. Because exploitation requires the execution of some form of attack code, Sophos products, which do not allow for any form of unauthorized code execution, are not at a high risk of attack.
Sophos Endpoint Security Products
Given that OS mitigations of the hardware vulnerability potentially impacts system stability and performance, Microsoft is advising customers to contact your security vendor before applying the patch. The security vendor will:
Confirm if their security software is compatible with the Windows update, and if so
Distribute an updated version of the security vendor’s software that sets a specific registry key which enables the Windows update
Sophos has completed testing of Windows update and can confirm compatibility. We will begin to automatically add the registry key setting to the following Sophos products starting Jan 5, 2018:
Sophos Endpoint customers wishing to apply the patch now, ahead of the Sophos update, can set the registry key manually as described in the Microsoft article: ADV180002. Alternatively, you can manually download and apply the patch without the registry key.
Sophos Network Security Products
Sophos is currently validating the kernel updates for Linux and other operating systems that are the basis of the firmware for our network security products. Sophos will be making available any necessary fixes (updated firmware or equivalent images, etc) to the latest versions of our network security products listed below:
Sophos strongly recommends that if you are running a prior release of SFOS, SG, or CROS, you should upgrade to the latest version of SFOS. For all Sophos network security products please apply the latest maintenance releases to receive the patch when released.
For more information please read the following KBA on our support website: https://community.sophos.com/kb/en-us/128053.