true
Product Security Bulletin for Microsoft Internet Explorer CVE-2019-1367

Background

BD is aware of and currently monitoring the Microsoft Internet Explorer vulnerability. Microsoft announced this vulnerability on September 23, 2019, which impacts systems that use Internet Explorer versions 9, 10, and 11. The vulnerability could allow an attacker to perform code execution in the context of the current user. If the current user has administrative privileges, the attacker may be able to take full control of the target’s system.

An attacker who successfully exploits this vulnerability could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability successfully, an attacker would need to host the exploit on a malicious website and persuade the user to open the malicious website, through a social engineering tactic such as a phishing email.

Products in Scope

BD has provided the list, below, in order to better help our customers identify any BD products with workstations running Internet Explorer versions 9, 10, and 11. This list provided below is not comprehensive and may be updated as more products are identified. It does not indicate the patch or device status.

  • BD Accuri™
  • BD Assurity Linc™
  • BD BACTEC™ BOW*
  • BD BACTEC™ FX*
  • BD BACTEC™ FX40*
  • BD COR™ System*
  • BD DataLink
  • BD EpiCenter™
  • BD Focal Point™*
  • BD FACSAria™
  • BD FACS Canto™
  • BD FACSCelesta™
  • BD FACSJazz™
  • BD FACSLyric™
  • BD FACSMelody™
  • BD FACSSample Prep Assistant™
  • BD FACSymphony™
  • BD FACSVerse™
  • BD FACSVia™
  • BD Influx™
  • BD Knowledge Portal™
  • BD Kiestra™ InoqulA*
  • BD Kiestra™ TLA*
  • BD Kiestra™ WCA*
  • BD LSR II™
  • BD LSRFortessa™
  • BD MAX™*
  • BD MedMined™
  • BD Phoenix™ M50*
  • BD Totalys™ Multiprocessor*
  • BD Totalys™ SlidePrep*
  • BD Viper LT™*

Note: *While these products are in scope, exposure to this vulnerability is limited as these devices are not connected to the internet and should be either stand alone or on an isolated, segmented network (Per the Directions for Use).

Response

BD has had no reports of this vulnerability being exploited on a BD product, and is currently working to test and validate the Microsoft patch for BD products that use the affected third-party components. Please see the Product Security Patching website for all approved product security patching notifications. Additionally, BD recommends the following systems that use Internet Explorer versions 9, 10, and 11 to:

  • Ensure data has been backed up and stored according to your individual processes and disaster recovery procedures.
  • Execute updates to malware protection, where available

Customers that maintain patches independent of BD automated delivery should ensure these actions are performed as the acting responsible entity in order to maintain the correct security posture of the system(s).

Additional Resources

For product- or site-specific concerns, contact your BD service representative. If you observe symptoms of this attack, disconnect your system from the network and contact your BD service representative immediately.

https://support.microsoft.com/en-us/help/4524135/cumulative-security-update-for-internet-explorer