Announcing the latest news regarding the Meltdown and Spectre vulnerabilities and how the university may be affected.
By now you’ve almost certainly heard about some newly announced vulnerabilities (Meltdown
and Spectre) affecting practically all modern computers and mobile devices.
If you're confused, you’re not alone. The 2 names describe 3 vulnerabilities across
multiple chipsets on most operating systems–most of which require individualized mitigations
with varying side effects, some of which are already available.
We are actively monitoring developments to determine what actions will be necessary;
however, due to widespread speculation and misinformation, we will use this page to share
relevant updates with you. Please understand that new information is constantly coming
out, and bear with us as we wade through it all to determine which pieces constitute
an announcement.
USC is not uniquely vulnerable, and no active threats have been observed. Therefore,
the best guidance is to adhere to the patching standard (apply security updates within
30 days of release).
- We STRONGLY ADVISE thoroughly testing the OS and browser updates against all the hardware/software configurations you manage prior to full deployment.
- We also STRONGLY ADVISE rollback planning and testing.
UPDATES
| January 11th - 10 am | Symantec is targeting a release date no later than January 17th for the hotfix that will fully correct the issues caused by the Meltdown/Spectre patches. The hotfix is in the form of a new version of Symantec Endpoint Protection and will require upgrading the server and then distributing the client upgrade via the SEP Manager or via BigFix. |
| January 9th - 10 am | Systems need to be verified that the registry key is present as described in the KB4056892 Microsoft Support article. If the registry key is not present, it will need to be added manually. |
| January 9th - 9 am | After applying Microsoft Windows Security Updates released on January 3rd, 2018, the Symantec Endpoint Protection (SEP) system tray icon reports there are multiple problems. This issue has no functional impact on the protection technology of the SEP client. However, Symantec plans to release a hotfix to address the issue. |
| January 9th - 9 am |
WinMagic SecureDoc is currently testing. According to them, "Based on our initial assessments, WinMagic SecureDoc customers are believed to be no more at risk by this vulnerability than non-WinMagic customers." |
| January 8th - 1 pm | New Symantec Endpoint Protection issue with the Windows hotfixes. |
| January 8th - 8 am | FireEye Endpoint Security Agent is Compatible with the Meltdown Windows Security Update. |
| January 5th - 11 am | When asked whether Spirion clients or console are affected, Spirion support stated, "No, those are hardware and Operating System issues, not issues of an application." |