Bulletins
CRITICAL
BD is aware of and is currently monitoring two third-party vulnerabilities that affect Windows Adobe Type Manager Library. These third-party vulnerabilities, which Microsoft corrected with their latest patch release, are not specific to BD or our products.
These vulnerabilities exist when the Library improperly handles a specially crafted multi-master font, known as Adobe Type 1 PostScript format. Both vulnerabilities affect Windows 7, 8.1, RT 8.1, 10, Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019 and can be exploited in multiple ways. For instance, an unauthorized user could convince a user to open a malicious document in the Windows Preview Pane.
While these vulnerabilities could potentially allow an unauthenticated user to remotely execute custom code on the targeted system, Microsoft reported that the possibility of this is negligible and elevation of privilege is not possible. The security patch, made by Microsoft, remediates these vulnerabilities by correcting the way Windows Adobe Type Manager Library handles Type 1 fonts.
BD is currently working to test and validate the Microsoft patch for BD products that use the affected third-party components. Please see the Product Security Patching website for all approved product security patching notifications. Additionally, we recommend the following compensating controls for customers using BD products that utilize the affected Windows versions:
- Execute updates to malware protection, where available
- Ensure data has been backed up and stored according to your individual processes and disaster recovery procedures
BD has not received any reports of these third-party Microsoft vulnerabilities impacting BD products. The product list below is available to customers to help identify existing BD products that utilize Windows 7, 8.1, RT 8.1, 10, Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019. The list provided below is not comprehensive and may be updated as more products are identified. It does not indicate the remediation or device status.
- BD Accuri™
- BD Alaris™ CQI Reporter
- BD Alaris™ Guardrails™ Editor
- BD Alaris™ Systems Maintenance (ASM)
- BD Alaris™ Systems Manager (SM)
- BD Assurity Linc™
- BD BACTEC™ BOW
- BD BACTEC™ FX
- BD BACTEC™ FX40
- BD Care Coordination Engine™ (CCE)
- BD COR™ system
- BD DataLink™
- BD EpiCenter™
- BD FACSAria™
- BD FACSCanto™
- BD FACSCelesta™
- BD FACSJazz™
- BD FACSLink™
- BD FACSLyric™
- BD FACSMelody™
- BD FACSSample Prep Assistant™ (SPA)
- BD FACSVerse™
- BD FACSVia™
- BD FACSymphony™
- BD FocalPoint™ Guided Screen Review Station
- BD HealthSight™ Analytics (HSIO)
- BD HealthSight™ Diversion Management™
- BD HealthSight™ Patient Association™
- BD HealthSight™ Viewer™
- BD Influx™
- BD Kiestra™ InoqulA
- BD Kiestra™ TLA
- BD Kiestra™ WCA
- BD Knowledge Portal™
- BD LSR™
- BD LSRFortessa™
- BD MAX™
- BD MedMined™ Surveillance Advisor (MSA)
- BD Phoenix™ M50
- BD Pyxis ProcedureStation™ system with Tissue and Implant module
- BD Pyxis™ Anesthesia Station ES
- BD Pyxis™ CathRack System
- BD Pyxis™ CIISafe
- BD Pyxis™ CUBIE Replenishment System (CRS)
- BD Pyxis™ Global Controlled Substance Management (GCSM)
- BD Pyxis™ IV Prep
- BD Pyxis™ KanBan RF
- BD Pyxis™ Logistics
- BD Pyxis™ MedStation™ ES
- BD Pyxis™ Order Viewer
- BD Pyxis™ PharmoPack™
- BD Pyxis™ Server ES
- BD Pyxis™ SupplyStation (RFID)
- BD Specimen Collection Verification™
- BD Synapsys™
- BD Totalys™ Multiprocessor
- BD Totalys™ SlidePrep
- BD Viper LT™
Customers that maintain patches independent of BD automated delivery should ensure these actions are performed as the acting responsible entity in order to maintain the correct security posture of the system(s):
- Ensure the following Microsoft patches have been applied:
For product- or site-specific concerns, contact your BD service representative. If you believe a BD device on your network has been impacted by any of these third-party vulnerabilities, disconnect the device from the network and contact your BD service representative immediately.