On Jan. 3, 2018, researchers released details of a vulnerability – CVE-2017-5754, referred to as "Meltdown" – that affects modern microprocessor architectures. FireEye tested the supported versions of our Endpoint Security Agent with the Microsoft update for Meltdown and confirmed the update doesn’t affect the abilities of the agent, and that there are no compatibility issues with the update.
For customers that have installed (or are considering installing) the FireEye Endpoint Security Agent v26 or above, you may need to take additional steps to ensure that the Microsoft patch for Meltdown is successfully applied. As described in the Microsoft Support article, the Meltdown update will not be applied if a security product has registered with the Security Center, unless a registry key value described in the support article is set. The FireEye Endpoint Security Agent v26 or above registers with the Security Center and therefore could potentially cause the operating system to prevent installation of the update. FireEye recommends the following:
- Work with the vendors of all installed endpoint security applications to confirm compatibility before installing the Meltdown update.
- Set the registry key as described in the KB4056892 Microsoft Support article. Since this is a global registry key, we are not automatically setting the key as it may impose on other applications.
- Install the January 2018 Windows security update, which can be retrieved from the Windows Catalog.
Microsoft has provided additional information and recommended actions, and you can also learn more by referring to the Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities.