Meltdown and Spectre – Update I

United States
North America

Canada (FR)

Canada (EN)

Mexico

United States

South America

Argentina

Brasil

Chile

Colombia
Europe

Belgium (FR)

Belgium (NL)

Česká republika

Denmark

Europe

Suomi

France

Deutschland

Hebrew

Hungary (EN)

Hungary (HU)

Ireland

Italia

Nederland

Norge

Polska

Россия

España

Sverige

Schweiz

Türkiye

United Kingdom
Middle East / Africa

Middle East, North Africa

Africa

Asia / Pacific

Australia / New Zealand

中国

Greater Asia

India

Indonesia

日本

Korea

Malaysia

Philippines

Singapore

Thailand

Vietnam
Login

Jan 12, 2018

Bulletins

LOW

BD is currently monitoring the Meltdown and Spectre vulnerabilities. While these vulnerabilities are hardware-based, they impact multiple operating systems. A flaw in computer processing units (CPU) could allow malicious software to gain access to other processes and data on any impacted computer or server, including cloud applications. These vulnerabilities are not exclusive to BD or medical devices. They potentially affect every computer and/or device with a CPU, specifically certain Intel™ chips, AMD™ and ARM processors.

As a result of these events, BD recommends the following for systems with a vulnerable CPU and an unpatched operating system with any form of network connectivity to minimize risk and impact:

- Ensure the following patches have been applied to your devices:
  - Microsoft Advisory: Apply patches for ADV180002, updated January 2018.
  - As part of our ongoing efforts to provide security, reliability and availability for your BD products, we test and approve applicable Microsoft patches that Microsoft identifies as being Critical or Security related. BD is expediting validation efforts for the Microsoft patches released for Meltdown and Spectre vulnerabilities. As part of this validation, BD will evaluate any system performance impact.
- Apply any applicable firmware update provided by your device manufacturer.
- Ensure your data has been backed up and stored according to your individual process and that your disaster recovery procedures are in place.
- Physical access should be limited to authorized individuals
- Update your malware protection, where available.

Customers that maintain patches independent of BD automated delivery should ensure these actions are performed as the acting responsible entity in order to maintain the correct security posture of the system(s). Software patches addressing Meltdown and Spectre may result in the slowdown of affected systems. When deploying any such software patches, be sure to prioritize and test updates as necessary to assess potential performance impact.

Note: Intel has released a statement noting these exploits do not have the potential to corrupt, modify or delete data.

BD has assessed these vulnerabilities and identified the risk to have a low-impact. Any attack would require local or physical access, the difficulty in exploiting these vulnerabilities is high and the vulnerabilities do not have the potential to corrupt, modify, or delete data.
BD has provided a list of products in scope in order to better help our customers identify any BD products with a CPU that has the potential to be vulnerable to these threats. The list of BD products in scope is currently dynamic and will be updated as we complete analysis of products in scope.

For product or site-specific concerns, contact your BD service representative. We will update this communication as new information becomes available.
For procedures specific to your product, contact your BD service representative. If you observe symptoms of a ransomware attack, disconnect your system from the network and contact your BD service representative and/or BD Product Security at ProductSecurity@bd.com.