Meltdown/Spectre Vulnerability Management Content Released

 

To help our customers understand the impact of Meltdown and Spectre and respond to them, we have worked feverishly to develop the content set described below.

Download Location:

This content is available through your TAM or Tanium Labs.

You can reference Tanium Labs information from our docs here: https://docs.tanium.com/platform_user/platform_user/console_solutions.html.


Sensors/Saved Questions:

AV Compatible With Speculative Execution Fix Registry Key State Set

Checks for the registry key that Microsoft requires anti-virus vendors to set so that the operating system patches for the Meltdown/Spectre vulnerabilities are applied.

https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

 

Meltdown Spectre Vulnerability

Leverages the PowerShell scripts published by Microsoft to verify the status of speculative execution protections.

 

Client - https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in 

Server - https://support.microsoft.com/en-ca/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

 

Speculation Control

Leverages the same Microsoft scripts used in the "Meltdown Spectre Vulnerability" sensor, with alternate results.

 

Windows Server Speculative Execution Fix Enabled Registry Key Status

Checks for the registry keys to enable the mitigations on Windows servers. Make sure that the system is restarted for the changes to take effect.
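
The two registry-key checks described above can be reproduced by hand on a single host. The following is an added example, not the Tanium sensor code; the registry paths, value names and expected data are assumed from the January 2018 Microsoft guidance linked above, and the function names are hypothetical.

```powershell
# Added example; not Tanium sensor code. Paths and values are assumed from
# Microsoft's January 2018 guidance (KB4072699, KB4072698). Read-only.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or the value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-SpecExecRegistryState {
    $qc = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
    $mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $vz = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization'

    $av       = Get-RegValue $qc 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
    $override = Get-RegValue $mm 'FeatureSettingsOverride'
    $mask     = Get-RegValue $mm 'FeatureSettingsOverrideMask'
    $minVm    = Get-RegValue $vz 'MinVmVersionForCpuBasedMitigations'

    # AV compatibility flag: REG_DWORD 0 marks the installed AV as compatible.
    $avState = 'Unexpected'
    if ($null -eq $av) { $avState = 'Missing' } elseif ($av -eq 0) { $avState = 'Set' }

    # Server mitigations (January 2018 values): Override = 0 together with Mask = 3.
    if ($null -eq $override -and $null -eq $mask) {
        $srvState = 'NotConfigured'
    } elseif ($override -eq 0 -and $mask -eq 3) {
        $srvState = 'Enabled'
    } else {
        $srvState = 'Mismatch'
    }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        AvCompatKey          = $avState
        ServerMitigationKeys = $srvState
        HyperVMinVmVersion   = $minVm   # only meaningful on Hyper-V hosts
        # The server keys take effect only after a restart, so report the boot time
        # for comparison with when the keys were changed.
        LastBootUpTime       = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
    }
}

Get-SpecExecRegistryState | Format-List
```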

 

 

Packages:

Disable AV Compatible With Speculative Execution Fix

Removes the registry key required by Microsoft to apply operating system patches for the Meltdown/Spectre vulnerabilities.

 

Disable Speculative Execution Fix On Windows Server

Removes the registry key required by Microsoft to enable the mitigations on Windows servers.

 

Enable AV Compatible With Speculative Execution Fix

Adds the registry key required by Microsoft to apply operating system patches for the Meltdown/Spectre vulnerabilities.

 

Enable Speculative Execution Fix On Windows Server

Modifies the registry key required by Microsoft to enable the mitigations on Windows servers.

 

 

Dashboards:

Meltdown-Spectre Vuln Status

Consists of all the sensors/saved questions above in a single dashboard. It should appear in the main Tanium Interact/Tanium Console under "Other Dashboards".
