The Spectre-Meltdown CPU design flaws continue to make news. CrowdStrike® security expert Alex Ionescu addressed these flaws in a recent blog post, explaining that Spectre-Meltdown actually represents three separate vulnerabilities. Ionescu went on to outline the actions CrowdStrike Falcon® platform customers should take in applying the appropriate Windows patches to their endpoints to mitigate the vulnerabilities. Customers were also assured that CrowdStrike was pursuing further steps to ensure all customer endpoints are protected.
As promised, CrowdStrike has worked to expand its assistance to customers in the face of this global cyber threat, including adding a dashboard that provides scan-less, real-time visibility into the OS and CPU microcode patch status of the Spectre (Variant 2) and Meltdown (Variant 3) flaws. This dashboard, available to Falcon platform customers, also shows the patches’ impact on performance across the enterprise.
How Spectre-Meltdown is Addressed Within the Falcon Platform
- CrowdStrike has issued two separate Windows sensor updates with functionality that will help customers in their efforts to manage Spectre-Meltdown. On Monday, Jan. 8, the Windows sensor was updated (release 3.9.6008) so that it automatically sets the registry keys to enable Windows to download appropriate Microsoft updates for addressing Spectre-Meltdown.
- On Monday, Jan. 15, CrowdStrike issued a Windows sensor (release 3.9.6009) that supports visual dashboards in the Falcon management console, showing all patched and unpatched systems — providing immediate visibility across endpoints and enabling users to optimize patching efforts as they work to protect their organizations.
- CrowdStrike Falcon customers can find details on these releases, together with the appropriate release notes, in the section of the management console titled “Latest Product News.” Customers can log in to the Falcon console and access the dashboard here.
How the Falcon Platform is Capable of Mitigating Exploitation of the Spectre-Meltdown Flaws
CrowdStrike customers benefit from the Falcon platform’s built-in exploit and behavioral blocking features and are able to patch their systems with no effect on their protection. Although there is currently no evidence of any exploits directly leveraging the Spectre-Meltdown vulnerabilities, attackers seeking to exploit them would be detected by Falcon’s behavioral indicators of attack (IOAs).
Currently, all released versions of Falcon are fully compatible with the Windows, Mac, and Linux patch updates provided by the respective operating system vendors. Please note: Windows users who run another antivirus product alongside Falcon and have registered that other vendor as their current antivirus need to verify patch compatibility with that vendor.