- The Intel chip vulnerability triggered Spectre and Meltdown – information leakage vulnerabilities.
- With the advent of the Microsoft Windows patch, it’s important to upgrade Bromium first to keep your security intact.
- Micro-virtualization can really help mitigate the effects; even when dealing with kernel vulnerabilities.
We asked our founder, Ian Pratt, to talk to us about Spectre, Meltdown and what this means to the industry and to Bromium customers. He also wrote up these notes to accompany the video. This is part three of a three-part series (see part one and part two). We have a blog with information for Bromium customers – the most important thing is to make sure you get the Bromium upgrade before you patch Windows – and we’re here to help if you have additional questions.
We’ve long encouraged our customers to upgrade their Bromium Secure Platform to version 4.x to gain better performance and an improved end user experience. If you’ve been waiting to do that, now is the time. The patch issued by Microsoft aimed at mitigating the vulnerabilities caused by the Intel design flaw requires a Bromium upgrade. Here’s why.
The work that the OS vendors are doing to mitigate Meltdown is unprecedented, and requires a major change to the way that virtual memory is implemented by the operating system. These changes are far reaching and have been shown to cause compatibility issues with plenty of applications, perhaps most notably Symantec AV.
The Bromium upgrade is worth the effort.
These changes have impacted us, most significantly on Windows 10. If the Meltdown mitigation is installed on a machine running Bromium 4.0 Update 3 or earlier, Bromium products will go into recovery mode and will not be able to create micro-VMs. If configured in fail-open mode, the user will still be able be able to browse and open documents, just without the benefit of Bromium isolation. If fail-safe mode is configured, which is typically used by very security-sensitive customers, the user will not be able to browse.
Windows 7 users need not update immediately, but Windows 10 users should download and install the Bromium 4.0 Update 4 upgrade to solve the compatibility with the Meltdown mitigation.
This upgrade will be available shortly. We will be sending Bromium customers an email as soon as it’s ready. If you’d like to know more, please contact our customer support team.