Product Security Bulletin for DejaBlue

United States
North America

Canada (FR)

Canada (EN)

Mexico

United States

South America

Argentina

Brasil

Chile

Colombia
Europe

Belgium (FR)

Belgium (NL)

Česká republika

Denmark

Europe

Suomi

France

Deutschland

Hebrew

Hungary (EN)

Hungary (HU)

Ireland

Italia

Nederland

Norge

Polska

Россия

España

Sverige

Schweiz

Türkiye

United Kingdom
Middle East / Africa

Middle East, North Africa

Africa

Asia / Pacific

Australia / New Zealand

中国

Greater Asia

India

Indonesia

日本

Korea

Malaysia

Philippines

Singapore

Thailand

Vietnam
Login

Oct 30, 2019

Bulletins

BD is aware of and currently monitoring the Remote Desktop Services Remote Code Execution vulnerabilities. These vulnerabilities were announced on August 13, 2019 and affect systems that use Remote Desktop Services for Windows 7 SP1, Windows 10, Windows Server 2008 R2 SP1, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2019. Both can be exploited remotely and does not require user interaction nor authentication. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.

Similar to the Remote Desktop Services Remote Code Execution “Blue Keep” vulnerability announced in May 2019, an attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. These vulnerabilities are also capable of spreading from vulnerable device to vulnerable device. Please see BD’s previous response to Remote Desktop Services Remote Code Execution for more information.

BD has provided the list below in order to better help our customers identify any BD products with workstationsrunning with Remote Desktop Services on Windows 7 SP1, Windows 10, Windows Server 2008 R2 SP1, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, and Windows Server 2019. This list provided below is not comprehensive and may be updated as more products are identified. It does not indicate the patch or device status.

BD EpiCenter™
BD BACTEC™ BOW
BD MAX™
BD Assurity Linc™
BD COR™ system
BD Pyxis™ MedStation™ES
BD Pyxis™ SupplyStation™
BD Pyxis™ IV Prep, BD Pyxis™ Logistics
BD Alaris™ Systems Manager

BD has had no reports of this vulnerability being exploited on a BD product, and is currently working to test and validate the Microsoft patch for BD products that use the affected third-party components. Please see the Product Security Patching website for all approved product security patching notifications. Additionally, BD recommends the following for systems that use Remote Desktop Services for Windows 7 SP1, Windows 10, Windows Server 2008 R2 SP1, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2019.

Enable Network Level Authentication (NLA) option in RDP server configuration.
Ensure data has been backed up and stored according to your individual processes and disaster recovery procedures
Execute updates to malware protection, where available

Customers that maintain patches independent of BD automated delivery should ensure these actions are performed as the acting responsible entity in order to maintain the correct security posture of the system(s).

Ensure the following Microsoft patches have been applied:
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182

For product or site-specific concerns, contact your BD service representative. If you observe symptoms of this attack, disconnect your system from the network and contact your BD service representative immediately.

https://www.us-cert.gov/ncas/current-activity/2019/08/14/microsoft-releases-security-updates-address-remote-code-execution