This document covers SentinelOne’s response to the exploitable flaws described in CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.
SentinelOne products are compatible with Microsoft’s January 3, 2018, security updates. We tested our Agent against Microsoft’s patch. No incompatibilities causing any stop errors or other issues were found with SentinelOne agent versions 1.8.4, 2.0, 2.1 and 2.5.
Overview
Microsoft, Google, Linux RedHat and Amazon have all acknowledged a new, publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks,” which affect many modern processors and operating systems, including Intel, AMD, and ARM. This issue may also affect other systems, such as Android, Chrome, iOS, and MacOS.
Possible collision with security applications
Microsoft has identified a compatibility issue with a small number of anti-virus software products.
The compatibility issue is caused when security applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. As mentioned, SentinelOne products are compatible with Microsoft’s January 3, 2018, security updates. We tested our Agent against Microsoft’s patch and found no incompatibilities causing any stop errors or other issues.
Microsoft ensures that all security applications are compatible by blocking its patch for any Microsoft customer that does not have the registry key below set.
The impact on SentinelOne customers
- Customers running a SentinelOne agent on Windows will require a new Microsoft Windows registry key to allow the Windows Update to occur automatically.
  Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD"
  Important: As the registry key is global for the system, SentinelOne suggests that customers add the registry key only after ensuring that all other security applications running on their devices are also compatible with the MS patch.
- Customers may download the update packages directly from the Windows Update catalog if they are not offered the update through Windows Update.
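One way to audit the registry key described above across endpoints, and set it only on request. This is an added example, not SentinelOne's or Microsoft's code. The function name `Test-QualityCompatKey` and its `-Apply` switch are hypothetical, and the value data `0x00000000` is an assumption taken from Microsoft's published guidance for this key, since this page gives only the type.

```powershell
# Added example: report the state of the QualityCompat flag, set it only with -Apply.
# Assumption: value data is 0x00000000 (this page lists only the REG_DWORD type).
function Test-QualityCompatKey {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$Apply)

    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
    $name = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

    # Distinguish "missing" from "present but wrong type or data", because a
    # value of the wrong type should not be counted as compliant in an audit.
    $state = 'Missing'
    if (Test-Path -LiteralPath $path) {
        $key = Get-Item -LiteralPath $path
        if ($key.GetValueNames() -contains $name) {
            $kind = $key.GetValueKind($name)
            $data = $key.GetValue($name)
            if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $data -eq 0) {
                $state = 'Present'
            } else {
                $state = "WrongTypeOrData ($kind, $data)"
            }
        }
    }

    # Writing is opt-in: the key is global, so it vouches for every security
    # product on the machine, not only the one that was tested.
    if ($Apply -and $state -ne 'Present') {
        if ($PSCmdlet.ShouldProcess("$path\$name", 'Set REG_DWORD 0')) {
            if (-not (Test-Path -LiteralPath $path)) {
                New-Item -Path $path -Force | Out-Null
            }
            New-ItemProperty -LiteralPath $path -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
            $state = 'Set'
        }
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Value    = $name
        State    = $state
    }
}

Test-QualityCompatKey            # report only, no changes
# Test-QualityCompatKey -Apply   # elevated; add -WhatIf to preview the write
```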
Customers that have additional questions may reach out to their customer success representative for more details.