BD is aware of and is currently monitoring a third-party vulnerability that affects Microsoft Server Message Block version 3.1.1 (SMBv3) protocol. This third-party vulnerability, which Microsoft corrected with their recent patch release, is not specific to BD or our products.
This remote code execution vulnerability, which affects Windows 10 only, impacts the way the SMBv3 protocol handles certain requests. The security patch, made by Microsoft, addresses the vulnerability by correcting how the SMBv3 protocol handles those requests. If successfully exploited, this vulnerability could potentially allow an unauthorized user to execute arbitrary code on the targeted system. Additionally, this third-party vulnerability can potentially be exploited in two ways:
BD is currently working to test and validate the Microsoft patch for BD products that use the affected third-party components. Please see the Product Security Patching website for all approved product security patching notifications. Additionally, we recommend the following compensating controls for customers using BD products that utilize Windows 10.
Customers that maintain patches independent of BD automated delivery should ensure these actions are performed as the acting responsible entity in order to maintain the correct security posture of the system(s):
Ensure the following Microsoft patches have been applied:
For product-or site-specific concerns, contact your BD service representative. If you believe a BD device on your network has been impacted by any of these third-party vulnerabilities, disconnect the device from the network and contact your BD service representative immediately.