Product security bulletins

For product security and privacy alerts, notifications and documentation, see the following:


Remote Desktop Services Remote Code Execution Vulnerability

May 15, 2019

BD is aware of and currently monitoring the Remote Desktop Services Remote Code Execution vulnerability. This vulnerability was announced by Microsoft on May 14, 2019. This vulnerability affects any systems that use Remote Desktop Services for Windows XP, Windows 7, Windows 2003 and Windows 2008.

Windows 7 Operating System End of Life

Apr 17, 2019

Microsoft will end support for the Windows 7 Operating System (OS) after January 14, 2020 and for Windows Embedded Standard 7 Service Pack 1 on October 13, 2020. As a result, Microsoft will no longer provide security updates or support for devices running Windows 7.

Administrator Account Enabled in BD FACSLyric Cell Analyzer Systems with Windows 10 Professional

Jan 29, 2019


Microsoft Windows Task Scheduler Vulnerability

Jan 24, 2019

BD is aware of a Microsoft Windows vulnerability in the Task Scheduler which, if exploited, could allow malicious attackers to gain elevated system privileges. It is a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface. It has been observed targeting fully patched Microsoft Windows 10 64-bit and Windows Server 2016 operating systems. This is not a BD-specific vulnerability, and there have been no reports of a BD product being affected by this vulnerability.

SQL Function Vulnerability for BD Kiestra TLA, BD Kiestra WCA, BD Kiestra InoqulA+

Oct 2, 2018

This notification provides product security information and recommendations related to a product security vulnerability found in the following BD Kiestra Systems: BD Kiestra TLA, BD Kiestra WCA and BD InoqulA+ specimen processor. The contents of this notification will be disclosed publicly on the BD Product Security website (www.bd.com/productsecurity) and are voluntarily reported by BD to Information Sharing and Analysis Organizations (ISAOs) in which BD participates, including the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and the National Health Information Sharing and Analysis Center (NH-ISAC), to optimally reach past and present customers.

Select Alaris Plus Syringe Pumps sold and in use outside the United States

Aug 23, 2018

BD has been made aware of a potential vulnerability that can impact various Alaris Syringe Pumps sold and used outside of the United States. If exploited, this vulnerability may allow an attacker to gain remote access to devices when connected to a terminal server via the serial port. This potential vulnerability does not affect the Alaris™ Syringe Module sold in the United States.

Kwampirs.A Virus

Aug 9, 2018

BD is aware of a Trojan called Kwampirs, which allows malicious attackers remote access into a compromised computer. This is not a BD-specific vulnerability, and there have been no reports of a BD product being affected by Kwampirs. It has been observed targeting common legacy Microsoft Windows operating systems. Kwampirs affects those systems with enabled network shared drives, outdated or no malware protection and any version of the Microsoft Windows Operating System.

WPA2 “KRACK” Wi-Fi Vulnerability

Jun 7, 2018

The set of vulnerabilities disclosed has been called Key Reinstallation attACKs (KRACK), which, if exploited, can potentially affect all business industries, including the healthcare industry. "KRACK" allows data traffic manipulation resulting in partial disclosure of encrypted communication or injection of data into it. However, for KRACK to be successfully exploited, an attacker would have to be within physical range of an affected Wi-Fi access point and client.

Meltdown and Spectre Update II

Mar 23, 2018

BD is currently monitoring the Meltdown and Spectre vulnerabilities. While these vulnerabilities are hardware-based, they impact multiple operating systems. A flaw in computer processing units (CPU) could allow malicious software to gain access to other processes and data on any impacted computer or server, including cloud applications. These vulnerabilities are not exclusive to BD or medical devices. They potentially affect every computer and/or device with a CPU, specifically certain Intel™ chips, AMD™ and ARM processors.

False-Positive File Flagged by Anti-Virus for BD FACSDiva

Feb 12, 2018

This notification provides product security information and recommendations related to BD FACSDiva software. BD FACSDiva software is a collection of rich tools for flow cytometer and application setup, data acquisition, and data analysis that help streamline flow cytometry workflows for today's busy laboratory.
