Note: This article applies only to Symantec enterprise software and hardware products. For information regarding Norton products, see Meltdown and Spectre vulnerabilities affect billions of devices on Norton.com.
- Symantec software products
- Symantec Network Protection hardware products
- Additional information
On January 2, 2018, reports surfaced of a serious design flaw in Intel CPUs that could permit attackers to gain unathorized access to a computer's memory. Named "Meltdown" and "Spectre", these vulnerabilties require an update at the operating system level to fix.
All modern computers with Intel chips reportedly produced in the last 10 years appear to be affected, including those running Windows and Linux.
Symantec software products
Are Symantec software products affected by Meltdown and Spectre?
In response to these vulnerabilities, Microsoft released an emergency security update for Windows on January 3, 2018. In addition, Microsoft published a statement regarding potential compatibility issues between the update and multiple antivirus vendors' software. For certain Symantec products, the Microsoft patch conflicts with Symantec's ERASER (Expanded Remediation And Side Effect Repair) engine, which may result in stop (bluescreen) errors.
On January 4, 2018, Symantec published an ERASER Engine update (18.104.22.1688) to address compatibility issues with Microsoft's security update.
To receive the Symantec ERASER Engine update, immediately run LiveUpdate.
Which Symantec software products are affected?
- Symantec Advanced Threat Protection (ATP) Platform
- Symantec Cloud Workload Protection (CWP)
- Symantec Data Loss Prevention (DLP)
- Symantec Email Security.cloud
- Symantec Encryption products
- Symantec Endpoint Protection (SEP)
- Symantec Endpoint Protection Cloud (SEP Cloud)
- Symantec Endpoint Protection Small Business Edition (SEP SBE)
- Symantec Data Center Security (DCS)
- Symantec VIP
- Symantec Web Security.cloud
Symantec Network Protection hardware products
Are Symantec Network Protection hardware products affected by Meltdown and Spectre?
Symantec Network Protection hardware products, which run on an affected CPU chipset and execute arbitrary code from external sources, are susceptible to several information disclosure vulnerabilities (aka Meltdown and Spectre attacks).
A remote attacker, with the ability to execute arbitrary code locally on the target, can obtain sensitive information from the memory spaces of the same userspace application, other userspace applications, the operating system, or a VM hypervisor.
Learn about ITMS patch support for 3rd-party Meltdown (CVE-2017-5754) mitigation, which can be delivered using Symantec Patch Management Solution.
- January 12, 2018
- Added status link for Advanced Threat Protection (ATP) Platform, under the Symantec software section.
- Formatting changes to improve article readability.
- January 11, 2018
- January 10, 2018
- Added status links for Symantec Endpoint Protection 14.1 Cloud Console, Symantec Email Security.cloud, Symantec VIP, and Symantec Web Security.cloud, under the Symantec software section.
- January 9, 2018
- Added additional Symantec software products and updated status links.
- Moved Symantec Endpoint Protection troubleshooting information to a new, separate article.
Added information regarding Windows registry key modifications for Symantec Endpoint Protection, under the Symantec software section.Moved to INFO4797.
- January 8, 2018
- January 5, 2018
- Symantec has released detections for attempts to exploit the Multiple CPU Hardwares Information Disclosure Vulnerability (CVE-2017-5753/Spectre). See Exp.CVE-2017-5753.