Product Security Bulletin for DejaBlue

Oct 30, 2019


Background

BD is aware of and currently monitoring the Remote Desktop Services Remote Code Execution vulnerabilities. These vulnerabilities were announced on August 13, 2019 and affect systems that use Remote Desktop Services for Windows 7 SP1, Windows 10, Windows Server 2008 R2 SP1, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2019. Both can be exploited remotely and does not require user interaction nor authentication. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.

Similar to the Remote Desktop Services Remote Code Execution “Blue Keep” vulnerability announced in May 2019, an attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. These vulnerabilities are also capable of spreading from vulnerable device to vulnerable device. Please see BD’s previous response to Remote Desktop Services Remote Code Execution for more information.

Products in Scope

BD has provided the list below in order to better help our customers identify any BD products with workstationsrunning with Remote Desktop Services on Windows 7 SP1, Windows 10, Windows Server 2008 R2 SP1, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, and Windows Server 2019. This list provided below is not comprehensive and may be updated as more products are identified. It does not indicate the patch or device status.

  • BD EpiCenter
  • BD BACTEC BOW
  • BD MAX
  • BD Assurity Linc
  • BD COR system
  • BD Pyxis MedStationES
  • BD Pyxis SupplyStation
  • BD Pyxis IV Prep, BD Pyxis Logistics
  • BD Alaris Systems Manager

Response

BD has had no reports of this vulnerability being exploited on a BD product, and is currently working to test and validate the Microsoft patch for BD products that use the affected third-party components. Please see the Product Security Patching website for all approved product security patching notifications. Additionally, BD recommends the following for systems that use Remote Desktop Services for Windows 7 SP1, Windows 10, Windows Server 2008 R2 SP1, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2019.

  • Enable Network Level Authentication (NLA) option in RDP server configuration.
  • Ensure data has been backed up and stored according to your individual processes and disaster recovery procedures
  • Execute updates to malware protection, where available

Customers that maintain patches independent of BD automated delivery should ensure these actions are performed as the acting responsible entity in order to maintain the correct security posture of the system(s).

Additional Resources

For product or site-specific concerns, contact your BD service representative. If you observe symptoms of this attack, disconnect your system from the network and contact your BD service representative immediately.

https://www.us-cert.gov/ncas/current-activity/2019/08/14/microsoft-releases-security-updates-address-remote-code-execution

This site uses cookies. If you click accept cookies then all cookies will be written. Please review our cookies policy and configure your cookies for your experience.