Product Security Bulletin for Microsoft® .NET Framework

Background

BD is currently monitoring the Microsoft .NET Framework vulnerabilities, which affect any systems using certain authentication certificates within Single Sign-On (SSO) for specific Microsoft .NET Frameworks and additional Microsoft products*.

An attacker who successfully exploits the vulnerability CVE-2019-1083 could cause a denial of service attack. An attacker who successfully exploits the vulnerability CVE-2019-1006 could impersonate a user, which could lead to an elevation of user privileges and access to sensitive application data. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Note: Single Sign-On must be enabled to exploit these vulnerabilities.

Products in Scope

BD has provided the list below to help customers identify BD products with workstations that use SSO and run Microsoft .NET Frameworks, Windows 10, Windows 7, Windows 8.1, Windows 8.1 RT, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Microsoft Identity Model, or SharePoint platforms. The list below is not comprehensive and may be updated as more products are identified. It does not indicate the patch or device status.

  • BD Care Coordination Engine™
  • BD COR™ System
  • BD HealthSight Analytics™
  • BD Identity Management™
  • BD Knowledge Portal™
  • BD MedMined™

Response

BD has had no reports of this vulnerability being exploited on a BD product. Patches for BD COR™ system have been tested, validated, and will be deployed during the next scheduled service visit. Patches for BD HealthSight Analytics™, BD Knowledge Portal™, and BD MedMined™ have been tested, validated, and deployed. Patches for BD Identity Management and BD Care Coordination Engine™ have been tested, validated and will be deployed via automated delivery. No customer action is required for those customers who utilize those specific products.

Additionally, BD recommends the following for systems that use Single Sign-On with Microsoft .NET Frameworks, Windows 10, Windows 7, Windows 8.1, Windows 8.1 RT, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Microsoft Identity Model, or SharePoint platforms.

  • Ensure data has been backed up and stored according to your individual processes and disaster recovery procedures
  • Execute updates to malware protection, where available

Customers that maintain patches independently of BD automated delivery are the responsible entity for ensuring these actions are performed in order to maintain the correct security posture of their system(s).

*Third-Party Products affected by CVE-2019-1083

  • Microsoft .NET Framework 2.0 Service Pack 2, 3.0 Service Pack 2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8

*Third-Party Products affected by CVE-2019-1006

The specific Microsoft .NET Frameworks, and the other Microsoft products, on which systems using Single Sign-On (SSO) are affected are listed below:

Note: This vulnerability affects Microsoft .NET Frameworks, which can be standalone or embedded into certain Microsoft Windows Operating Systems (also listed below).

  • Microsoft .NET Framework 2.0 Service Pack 2, 3.0 Service Pack 2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
  • Windows 10 1607, 1703, 1709, 1803, 1809, 1903
  • Windows 7 SP1
  • Windows 8.1
  • Windows 8.1 RT
  • Windows Server 2008 SP2, R2 SP1, R2 SP2
  • Windows Server 2012 R2
  • Windows Server 2016 1803, 1903
  • Windows Server 2019
  • Microsoft Identity Model 7.0
  • SharePoint Enterprise Server 2013 SP1, 2016
  • SharePoint Foundation 2010 SP2, 2013 SP1
  • SharePoint Server 2019

Additional Resources

For product or site-specific concerns, contact your BD service representative. If you observe symptoms of this attack, disconnect your system from the network and contact your BD service representative immediately.

https://i.blackhat.com/USA-19/Wednesday/us-19-Munoz-SSO-Wars-The-Token-Menace-wp.pdf
