On January 2, 2018, reports surfaced of several serious design flaws in modern computer processor architectures including Intel, AMD, and ARM (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754). These flaws have existed for many years and make all modern computers – servers, desktops, laptops, and mobile devices – vulnerable to attack. Windows, Mac, iOS, Android, and Linux devices all appear to be affected to some extent.
To address these vulnerabilities, updates are required at the operating system level. Microsoft released an emergency update for Windows and published a statement regarding potential compatibility issues between the update and multiple antivirus vendors’ software.
Actions taken by Symantec
To respond to the compatibility issue with the Microsoft update, Symantec published an ERASER Engine update (220.127.116.118) on January 4, 2018. Note that Microsoft implemented a check to verify the ERASER engine version that is currently loaded, and the Microsoft update only becomes available after the ERASER engine update has been applied. For more information about this solution, see this Symantec KB article: http://www.symantec.com/docs/TECH248550
Action required by customers
No action is required by Symantec Endpoint Protection Small Business Edition customers at this time other than ensuring that your operating systems are fully patched.