메인 콘텐츠로 이동
  • 빠르고 간편하게 주문
  • 주문 보기 및 배송 상태 추적
  • 제품 목록을 생성 및 액세스

Microprocessor Side-Channel Vulnerabilities "Meltdown" and "Spectre" (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell Data Security Solutions

요약: Dell Data Security and the Impact of Meltdown and Spectre.

이 문서는 다음에 적용됩니다. 이 문서는 다음에 적용되지 않습니다. 이 문서는 특정 제품과 관련이 없습니다. 모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.

증상

The vulnerabilities that are known as Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715 /CVE-2017-5753) have been discovered in the central processing unit (CPU) performance feature called speculative execution. Systems with microprocessors using speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access using a side-channel analysis of the data cache. This could lead to access to sensitive information stored in system memory.

The issue is not specific to any one vendor and takes advantage of techniques that are commonly used in most of the modern processor architectures. This means that a large range of products are affected from desktops and laptops to servers and storage, even smartphones. All customers should verify whether they are affected by going to the support sites of their hardware manufacturer. For Dell computers, affected computers can be found at: Meltdown/Spectre (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) impact on Dell Products. More information about these vulnerabilities and responses from other vendors, go to https://meltdownattack.com This hyperlink is taking you to a website outside of Dell Technologies..

In general, there are two essential components that must be applied to mitigate the above mentioned vulnerabilities.

  1. Apply the processor microcode update using BIOS update per manufacturer instructions.
  2. Apply the applicable operating system updates according to the operating system vendor guidance.

All Dell Data Security customers with affected hardware (Dell or non-Dell in origin) must apply the recommended remediation as outlined by their manufacturer. The Dell Data Security software may help prevent exploits from being successful, but is not a substitute for taking the manufacturer’s recommended steps for remediation.

원인

Not Applicable

해결

Click either the Dell Encryption or Dell Threat Protection tab for specific information about product version compatibility.

Instructions for Dell Encryption customers (Dell Encryption Personal and Enterprise or Dell Data Guardian) are below. Select the appropriate operating system for your environment.

Microsoft January 2018 update release contains a series of updates to help mitigate exploitation by the Meltdown/Spectre vulnerabilities. For more information about Microsoft’s response to Meltdown and Spectre, go to https://support.microsoft.com/en-us/help/4073757 This hyperlink is taking you to a website outside of Dell Technologies..

Dell Data Security has validated compatibility against the latest set of Microsoft patches from January 2018 with:

  • Dell Encryption Enterprise v8.17 or later
  • Dell Encryption Personal v8.17 or later
  • Dell Encryption External Media v8.17 or later
  • Dell Encryption Enterprise for Self-Encrypting Drives (EMAgent) v8.16.1 or later
  • Dell Encryption Personal for Self-Encrypting Drives (EMAgent) v8.16.1 or later
  • Dell Encryption BitLocker Manager (EMAgent) v18.16.1 or later
  • Dell Full Disk Encryption (EMAgent) v18.16.1 or later
  • Dell Data Guardian 1.4 or later

Dell Data Security recommends ensuring your clients are on the validated version or later before applying the January 2018 patches.

For information about downloading the latest software version reference:

If the computer running a Dell Data Security solution also uses a malware prevention software, then Windows requires a registry key to allow updates to pull down automatically for the January 2018 Microsoft updates.

Note: Manual updates do not require the registry modification.

To add the registry key:

Warning: The next step is a Windows Registry edit:
  1. Right-click the Windows Start Menu and select Command Prompt (Admin).

Select Command Prompt (Admin)
Figure 1: (English Only) Select Command Prompt (Admin)

  1. If User Account Control (UAC) is active, click Yes to open command prompt. If UAC is disabled, go to step 3.

Click Yes
Figure 2: (English Only) Click Yes

  1. In the Administrator Command Prompt, type reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat /v cadca5fe-87d3-4b96-b7fb-a231484277cc /t REG_DWORD /d 0 /f and then press Enter.

Type reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat /v cadca5fe-87d3-4b96-b7fb-a231484277cc /t REG_DWORD /d 0 /f and then press Enter
Figure 3: (English Only) Type reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat /v cadca5fe-87d3-4b96-b7fb-a231484277cc /t REG_DWORD /d 0 /f and then press Enter

  1. Right-click the command prompt menu bar and then select Close.
Note:
  • Alternatively, registry modifications can be deployed in an enterprise environment using Group Policy Objects (GPO). For more information reference https://technet.microsoft.com/en-us/library/cc753092(v=ws.11).aspx This hyperlink is taking you to a website outside of Dell Technologies..
  • Dell ProSupport does not support the creation, management, or deployment of GPOs. For support, contact Microsoft directly.
Mac

Apple has released mitigations to address Meltdown in macOS High Sierra 10.13.2.

More information about this patch can be found at https://support.apple.com/en-us/HT208394 This hyperlink is taking you to a website outside of Dell Technologies..

Dell Data Security validated against macOS High Sierra 10.13.2 with Dell Encryption Enterprise for Mac 8.16.2.8323. This build is available through Dell Data Security ProSupport.

Dell Data Security has validated compatibility against the latest set of Microsoft patches from January 2018 and the fixes that are contained in Apple macOS High Sierra 10.13.2 with:

  • Dell Endpoint Security Suite Enterprise v1441 or later
  • Dell Threat Defense v1442 or later
  • Dell Endpoint Security Suite Pro v1.6.0 or later (Microsoft Windows only)

For more information about product versioning reference:

For information about downloading the latest software reference:

For more information about specific system requirements reference:

Microsoft requires a registry modification to any windows computer running malware prevention software (for example: Dell Endpoint Security Suite Enterprise, Dell Threat Defense, or Dell Endpoint Security Suite Pro) before automatically updating for Meltdown or Spectre.

Note: Manual updates do not require the registry modification.

To add the registry key:

Warning: The next step is a Windows Registry edit:
  1. Right-click the Windows Start Menu and select Command Prompt (Admin).

Select Command Prompt (Admin)
Figure 4: (English Only) Select Command Prompt (Admin)

  1. If User Account Control (UAC) is active, click Yes to open command prompt. If UAC is disabled go to step 3.

Click Yes
Figure 5: (English Only) Click Yes

  1. In the Administrator Command Prompt, type reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat /v cadca5fe-87d3-4b96-b7fb-a231484277cc /t REG_DWORD /d 0 /f and then press Enter.

Type reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat /v cadca5fe-87d3-4b96-b7fb-a231484277cc /t REG_DWORD /d 0 /f and then press Enter
Figure 6: (English Only) Type reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat /v cadca5fe-87d3-4b96-b7fb-a231484277cc /t REG_DWORD /d 0 /f and then press Enter

  1. Right-click the command prompt menu bar and then select Close.
Note:
  • Alternatively, registry modifications can be deployed in an enterprise environment using Group Policy Objects (GPO). For more information reference https://technet.microsoft.com/en-us/library/cc753092(v=ws.11).aspx This hyperlink is taking you to a website outside of Dell Technologies..
  • Dell ProSupport does not support the creation, management, or deployment of GPOs. For support, contact Microsoft directly.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

해당 제품

Dell Data Guardian, Dell Encryption, Dell Protected Workspace, Dell Security Tools, Dell Threat Defense, Dell Endpoint Security Suite Pro, Dell Endpoint Security Suite Enterprise
문서 속성
문서 번호: 000125160
문서 유형: Solution
마지막 수정 시간: 23 1월 2024
버전:  9
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.