ATTENTION NETWORK SERVICES MANAGED CLIENTS
CU*Answers Network Services has been researching the recently announced family of CPU vulnerabilities known as Spectre/Meltdown. We have determined that the most recent security patch released by Microsoft is not yet compatible with Symantec Anti-Virus software.
Because of the incompatibility, we have delayed the installation of the January Microsoft security updates to your network.
What Are We Doing?
- We have placed a HOLD on the release of Microsoft updates to your network
- We are working with Symantec to understand when they will have an update to their software that is compatible with Microsoft’s January security patch.
- Once Symantec releases a compatible update, we will apply it to your network.
- After we verify that the Symantec updates have been deployed we will apply the Microsoft January security patches that include fixes for the Spectre/Meltdown vulnerabilities
- Clients Due to other compensating controls, CU*Answers believes the risk to networks from Spectre/Meltdown is low. We are unaware of any actual attacks using this vulnerabilities nor are we aware of actual exploit code being available to would-be attackers.
- We do not think the group of patches that have been rushed out by vendors will be 100% effective in protecting against Spectre/Meltdown and we fully expect additional patches will be released in the coming months as researchers continue to understand new ways these vulnerabilities could be exploited.
- You will still need to apply updates to your non-Microsoft network. You should be reviewing your mobile devices, video recording systems, ATMs, and other devices that use computer processors (CPUs) and understand the vendor’s approach to Spectre/Meltdown mitigation.
We will send another announcement when we have vetted the updates and are ready to apply them to your network. If you have questions, please contact the Help Desk at extension 266, or by email.