true
Product Security Bulletin for Third-Party Windows SMBv3 Vulnerability

Background

BD is aware of and is currently monitoring a third-party vulnerability that affects Microsoft Server Message Block version 3.1.1 (SMBv3) protocol. This third-party vulnerability, which Microsoft corrected with their recent patch release, is not specific to BD or our products.

This remote code execution vulnerability, which affects Windows 10 only, impacts the way the SMBv3 protocol handles certain requests. The security patch, made by Microsoft, addresses the vulnerability by correcting how the SMBv3 protocol handles those requests. If successfully exploited, this vulnerability could potentially allow an unauthorized user to execute arbitrary code on the targeted system. Additionally, this third-party vulnerability can potentially be exploited in two ways:

  • An unauthorized user could send a specially crafted packet to a targeted SMBv3 server.
  • An unauthorized user could maliciously reconfigure an SMBv3 server and persuade a user to connect to it.

Response

BD is currently working to test and validate the Microsoft patch for BD products that use the affected third-party components. Please see the Product Security Patching website for all approved product security patching notifications. Additionally, we recommend the following compensating controls for customers using BD products that utilize Windows 10.

  • Execute updates to malware protection, where available
  • Ensure data has been backed up and stored according to your individual processes and disaster recovery procedures

BD Products that Utilize Affected Windows Versions:

  • BD has not received any reports of this third-party Microsoft vulnerability being exploited on BD products. The product list below is available to customers to help identify existing BD products that utilize Windows 10. The list provided below is not comprehensive and may be updated as more products are identified. It does not indicate the patch or device status.
  • BD FACSAria™ Fusion
  • BD FACSAria™ II
  • BD FACSAria™ III
  • BD FACSCanto™ 10-color
  • BD FACSCanto™ II
  • BD FACSCelesta™
  • BD FACSLink™
  • BD FACSLyric™
  • BD FACSMelody™
  • BD FACSSample Prep Assistant™ (SPA)
  • BD FACSymphony™ A3/A5
  • BD FACSymphony™ S6
  • BD LSRFortessa™
  • BD LSR™ II

Customers that maintain patches independent of BD automated delivery should ensure these actions are performed as the acting responsible entity in order to maintain the correct security posture of the system(s):

Ensure the following Microsoft patches have been applied:

 

For product-or site-specific concerns, contact your BD service representative. If you believe a BD device on your network has been impacted by any of these third-party vulnerabilities, disconnect the device from the network and contact your BD service representative immediately.