Meltdown and Spectre – Update I
BD is currently monitoring the Meltdown and Spectre vulnerabilities. While these vulnerabilities are hardware-based, they impact multiple operating systems. A flaw in computer processing units (CPU) could allow malicious software to gain access to other processes and data on any impacted computer or server, including cloud applications. These vulnerabilities are not exclusive to BD or medical devices. They potentially affect every computer and/or device with a CPU, specifically certain Intel™ chips, AMD™ and ARM processors.
As a result of these events, BD recommends the following for systems with a vulnerable CPU and an unpatched operating system with any form of network connectivity to minimize risk and impact:
Customers that maintain patches independent of BD automated delivery should ensure these actions are performed as the acting responsible entity in order to maintain the correct security posture of the system(s). Software patches addressing Meltdown and Spectre may result in the slowdown of affected systems. When deploying any such software patches, be sure to prioritize and test updates as necessary to assess potential performance impact.
Note: Intel has released a statement noting these exploits do not have the potential to corrupt, modify or delete data.