SOFTWARE SECURITY
UPDATES

Published: September 30, 2022

An unscored (as of September 30, 2022) vulnerability, CVE-2022-37461, has been identified in Vitrea View versions prior to 7.7.6.

EXECUTIVE SUMMARY

This vulnerability has two methods of attack – a “pre-authorization” exploit and a “post-authorization” exploit.  Both exploits involve attackers creating URLs that point to vulnerable Vitrea View installations and which contain malicious code, and the “post-authorization” exploit also requires convincing an authenticated Vitrea View user to click on the malicious link.

This vulnerability was brought to Canon Medical’s attention as part of a routine penetration test in a testing environment, was fixed, and was included in Vitrea View 7.7.6, released April 29, 2022. No patient information was accessed or exfiltrated.

Products that are not affected by this Vitrea View vulnerability:

• Vitrea Advanced Visualization
• Vitrea View 7.7.6 and above
• Vitrea Read (formerly known as Easy Viz)
• Vitrea Connection
• Rialto products
• Zillion products
• Solution Health (Cloud and On-Prem)
• Any Canon Medical modality

Products that are affected by CVE-2022-37461:

• Vitrea View (versions < 7.7.6)

RESOLUTION

All customers currently running a version of Vitrea View 7.7.x prior to 7.7.6 should upgrade to the latest Vitrea View version.

Canon Medical recommends that all customers run Vitrea View behind a web application firewall and/or load balancer to provide additional layers of security as part of a “defense in depth” or “zero trust security” posture.

If you have any questions, please contact our support team.

Published: April 07, 2022

Executive Summary

A critical vulnerability, CVE-2022-22965, has been identified in Spring Framework. This vulnerability is affecting the entire software industry, including some Canon Medical Informatics products. Specific combinations of Apache Tomcat and the Spring Boot executable are susceptible to a remote code execution (RCE) vulnerability. A mitigation strategy is currently being researched and developed.

Products that are not affected by SpringShell vulnerability:

• Vitrea Advanced Visualization (all versions prior to 7.14.x)
• Vitrea View
• Solution Health (Cloud and On-Prem)
• Easy Viz
• Zillion products
• Vitrea Connection
• Rialto products

Products that are affected by SpringShell vulnerability:

• Vitrea Advanced Visualization (7.15.x and 7.14.x)

Mitigation:

Options are still being explored to mitigate the issue with the affected versions, this page will be updated as soon as a recommended mitigation is available.

Our security and development teams continue to monitor this vulnerability as additional industry information becomes available to maintain the safety and effectiveness of our medical devices.

Please monitor this website for future updates.

If you have any questions, please contact our support team.

Published: March 15, 2022

Updated: March 22, 2022

VULNERABILITY SUMMARY

The custodians of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates.

Tracked as CVE-2022-0778 the issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what’s called an “infinite loop.” The flaw resides in a function called BN_mod_sqrt() that’s used to compute the modular square root.

REFERENCES AND SERVICES:

https://nvd.nist.gov/vuln/detail/CVE-2022-0778

https://www.openssl.org/news/secadv/20220315.txt

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/17/openssl-releases-security-updates

RESOLUTION

Canon Medical recommends taking OpenSSL updates as they are made available.

Please use the references above to determine which update is applicable to your OpenSSL deployment.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact  Canon Medical Customer Success.

Published: December 12, 2021      Updated: March 1, 2022

Executive Summary

Critical vulnerabilities, CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832  have been identified in Apache Log4j, a popular Java based logging framework. This vulnerability is affecting the entire software industry, including some Canon Medical Informatics products. Apache Log4j 2.14.1 and below are susceptible to a remote code execution vulnerability where a remote attacker can take full control of a vulnerable machine. As such, it is critical to take immediate actions to mitigate this vulnerability.

Products that are not affected by Apache Log4j vulnerability:

• Vitrea View
• Vitrea Advanced Visualization 6.x
• Solution Health (Cloud)
• Easy Viz
• Zillion
• Rialto Connect and Rialto Vault
• Olea Sphere

– Applications integrated with Vitrea (iCAD, Invia, Medis, Mevis, Mirada, Olea and Tomtec ) are not affected.

Products that are affected by Apache Log4j vulnerability:

• Vitrea Advanced Visualization 7.x
• Vitality XT server
• Vitrea Connection 8.x
• Rialto 7.x
• Solution Health (On-Prem)
• Vitrea DataStream

Recommended actions for mitigation:

External Network

• Update firewall configurations to block outbound connections on the LDAP port. Please contact your IT department to update your firewall configurations. As an example, please see the following industry-recommended mitigation.
• Patch the offending log4j libraries in affected products to remove the specific piece of code that enables the vulnerability.

Internal Network

• For Vitrea Advanced Visualization version 7.6.x, 7.7.x, 7.8.x, 7.9.x, 7.10.x, 7.11.x, 7.12.x, 7.14.x , 7.15.0, 7.15.1 products:
  Please follow this link to download the mitigation instructions: https://www.vitalimages.com/supportdownloads/AV-17122021A_CVE-2021-44228-E.zip

The latest update is a non-functional update. If your site has already ran a previous version of this mitigation, running this latest version is unnecessary

NOTE* – If you ran the mitigation prior to this update, you will need to run this updated/comprehensive script to mitigate CVE-2021-44832 vulnerability.

• For Vitrea Connection 8.x , Rialto 7.x, Solution Health (On-Prem) products: Please contact customer support for assistance.

Our security and development teams continue to monitor this vulnerability as additional industry information becomes available to maintain the safety and effectiveness of our medical devices.

Please monitor this website for future updates.

If you have any questions, please contact our support team.

Update: Nov 9, 2021

Published: Nov 12, 2021

Microsoft continues to address this vulnerability involving the windows installer elevation of privilege in Windows operating systems. Similarly to the announcements in recent weeks, a new vulnerability has been discovered. Microsoft has yet to patch this vulnerability.

VULNERABILITY SUMMARY

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the Windows Installer service. By creating a junction, an attacker can abuse the service to delete a file or directory. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. **

RELATED LINKS

Nov 23, 2021

MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-1308/

MISC:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41379

URL:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41379

https://blog.talosintelligence.com/2021/11/attackers-exploiting-zero-day.html

Please continue to monitor these Microsoft links for relevancy to your systems and patch your systems as they become available.

Published: August 11, 2021

Microsoft continues to address multiple high severity vulnerabilities involving the print spooler in most Windows operating systems. Similarly to the announcements in recent weeks, a new vulnerability has been discovered. Microsoft has yet to patch this vulnerability.

VULNERABILITY SUMMARY

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Security patches have not been released as of the Patch Tuesday on August 10, 2021. Microsoft has provided a workaround within the link below.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958

**

RELATING LINKS:

Jul 15, 2021
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481
https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872

Please continue to monitor these Microsoft links for relevancy to your systems and patch your systems as they become available.

Update: August 13, 2021

Published: July 2, 2021

Microsoft has released a set of out-of-band updates to remediate these vulnerabilities. These patches are available at the link referenced below.

NOTE: Several vulnerability watchdog publications are challenging the comprehensive efficacy of the latest out-of-band updates released July 7, 2021 citing that similar high severity vulnerabilities remain outstanding. Microsoft has yet to respond to these allegations at the time of this update.

Please continue to monitor Microsoft updates on this evolving issue and follow the guidance as it becomes available.

VULNERABILITY SUMMARY

Microsoft has resolved the vulnerability called “PrintNightmare”, that affects Windows Print Spooler and has assigned CVE-2021-34527 to this vulnerability.

This vulnerability affects all Vitrea products that are installed on Windows server operating systems and Windows workstation operating systems.

Microsoft has now provided windows updates to resolve this issue. Please take your windows updates accordingly.

REFERENCES AND SERVICES:

Windows Print Spooler Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

RESOLUTION

Canon Medical recommends taking Windows Updates as they are available and check back to this page for updates.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: May 27, 2021

SUMMARY

NVIDIA has provided the following Security Announcement:

NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses multiple issues that may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Specific driver update for vGPU and Quadro video cards is 452.96

To protect your system, download and install this software update through the NVIDIA Driver Downloads Portal or, for the vGPU software update, through the NVIDIA Licensing Portal.

Impact assessment and details on these high severity vulnerabilities are available through the NVIDIA Security Advisory provided at the below.

REFERENCES AND SERVICES:

NVIDIA Security Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5172

NVIDIA Driver Download Portal

https://www.nvidia.com/Download/index.aspx?lang=en-us

RESOLUTION

Canon Medical strongly recommends installing vendor patches and  security updates as soon as possible.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: May 17, 2021

VULNERABILITY SUMMARY

TOMTEC Imaging Systems GmbH has provided Canon Medical with a vulnerability disclosure.

The TOMTEC-ARENA product is integrated with Vitrea and therefore may affect your deployment if you have purchased TOMTEC-ARENA software.

Impact assessment and details on these vulnerabilities are available through the TOMTEC Vulnerability Disclosure provided below.

REFERENCES AND SERVICES:

TOMTEC Vulnerability Disclosure Information 2021-0001

https://www.vitalimages.com/wp-content/uploads/Vulnerability-Disclosure-Form-2021-0001.pdf

RESOLUTION

Canon Medical recommends updating to the latest version of Vitrea that will contain the TOMTEC-ARENA update once it has been released. Check to this page for updated information.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: January 13, 2021

Adobe stopped supporting Flash Player beginning December 31, 2020 (“EOL Date”), as previously announced in July 2017. In addition, to help secure users’ systems, Adobe blocked Flash content from running in Flash Player beginning January 12, 2021. Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems.

For removal of Adobe Flash plugin from Microsoft Internet Explorer, you may install the security patch by running Windows Update.

VULNERABILITY SUMMARY

Adobe Flash EOL

REFERENCES AND SERVICES:

Windows

Update for Removal of Adobe Flash Player for Windows can be found here KB4577586

Adobe

Standalone

https://www.adobe.com/products/flashplayer/end-of-life.html 

Enterprise

https://www.adobe.com/products/flashplayer/enterprise-end-of-life.html 

For general information on Flash Player’s EOL, please see Adobe’s general FAQ .

RESOLUTION

Canon Medical strongly recommends following this software removal guidance and installing all security patches provided by Microsoft.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: July 29, 2020
Updated: September 10, 2020

VULNERABILITY SUMMARY

Eclypsium researchers have discovered a vulnerability — dubbed “BootHole” — in the GRUB2 bootloader configuration file utilized by most Linux systems that can be used to gain arbitrary code execution during the boot process, even when Secure Boot is enabled. Attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device.

This configuration file is an external file commonly located in the EFI System Partition and can therefore be modified by an attacker with administrator privileges without altering the integrity of the signed vendor shim and GRUB2 boot loader executables. This could allow an authenticated, local attacker to modify the contents of the GRUB2 configuration file to ensure that the attacker’s chosen code is run before the operating system is loaded.

The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected. In addition, GRUB2 supports other operating systems, kernels and hypervisors. The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected.

Canon Medical is investigating this broad reaching vulnerability to define the scope of products affected and to determine a list of vendors providing relevant updates.

REFERENCES AND SERVICES:

System patching and mitigation guidance is provided by the following vendors:

HPE Servers:

HPE Security Bulletin: https://www.hpe.com/us/en/services/security-vulnerability.html

Impact statement: https://techhub.hpe.com/eginfolib/securityalerts/Boot_Hole/boot_hole.html

• A number of items need updating that are listed within the Impact statement. Such as firmware updates for HPE Service Pack for ProLiant (SPP) and HPE Intelligent Provisioning.

Secure Boot DBX Updater for Windows and UEFI: https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-a00105191en_us

HP Workstations:

HP Workstations Security Bulletin: https://support.hp.com/us-en/document/c06655639

HP Workstations Security Bulletin:  https://support.hp.com/us-en/document/c06707446

VMware:

VMware Bulletin: https://kb.vmware.com/s/article/80181

Dell Workstations:

Dell Security Bulletin:

https://www.dell.com/support/article/en-us/sln322283/dell-response-to-grub2-vulnerabilities-which-may-allow-secure-boot-bypass?lang=en

Additional Information:

https://www.dell.com/support/article/en-us/sln322287/additional-information-regarding-the-boothole-grub-vulnerability?lang=en

For more information and updates on the GRUB2 vulnerability, visit

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-10713

Carnegie Mellon

https://www.kb.cert.org/vuls/id/174059

RESOLUTION

Canon Medical recommends installing the applicable patches related to your deployment as soon as possible.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: August 11, 2020

Microsoft Corporation has announced an elevation of privilege vulnerability that exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol.

VULNERABILITY SUMMARY

CVE-2020-1472 is an elevation of privilege vulnerability that exsists in Windows’ Netlogon. An unauthenticated user could use MS-NRPC to connect to a domain controller as a domain administrator. An attacker who successfully exploits the vulnerability can run a specially crafted application on a device on the network.

Microsoft adds an important note to their advisory that this patch is the first of two patches to fix this vulnerability. The second patch is slated to be released in Q1 2021.

NOTE: Canon Medical is aware of this critical vulnerability and we are in the process of testing our products in the context of the Phase 1 patch.

REFERENCES AND SERVICES:

Microsoft encourages administrators to review the following resource(s) and apply the necessary patches to affected systems for Phase 1 of the update:

Microsoft CVE-2020-1472

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

RESOLUTION
Canon Medical strongly recommends installing vendor patches and updates as soon as possible.

Patches for all impacted versions can be found at the links in the References section above.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: June 16, 2020

The Department of Homeland Security and CISA ICS-CERT issued a critical security advisory warning covering multiple newly discovered vulnerabilities affecting Internet-connected devices manufactured by multiple vendors.

VULNERABILITY SUMMARY

A networking stack is a software component that provides network connectivity over the standard internet protocols. In this specific case these protocols include ARP, IP (versions 4 and 6), ICMPv4, UDP and TCP communications protocols. The Treck networking stack is used across a broad range of industries (medical, government, academia, utilities, etc.), from a broad range of device manufacturers – a fact which enhances their impact and scope, as each manufacturer needs to push an update for their devices independently of all others.

The impact of these vulnerabilities will vary due to the combination of build and runtime options used while developing different embedded systems. This diversity of implementations and the lack of supply chain visibility has exasperated the problem of accurately assessing the impact of these vulnerabilities. In summary, a remote, unauthenticated attacker may be able to use specially-crafted network packets to cause a denial of service, disclose information, or execute arbitrary code.

NOTE: This is a hardware-centric suite of vulnerabilities. The “Ripple20” is not specific to Canon Medical software.

NOTE: Canon Medical has discovered that related vendor patching for this attack vector has extended beyond the 19 vulnerabilities identified in the original “Ripple 20” announcement by JSOF (see below).

REFERENCES AND SERVICES:

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and users and administrators to review the following resources and apply the necessary updates to affected systems:

JSOF’s original “Ripple 20” write up:

https://www.jsof-tech.com/ripple20/

Intel® CSME, SPS, TXE, AMT, ISM and DAL Advisory:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

Workstations:

The vulnerabilities in the Intel product flow downhill to the HP Inc and Dell workstations via the Intel Chipsets. Affected products can be found at the following locations:

HP Inc:

https://support.hp.com/us-en/document/c06655639

Dell Inc:

https://www.dell.com/support/article/en-us/sln321836/dell-response-to-the-ripple20-vulnerabilities?lang=en

https://www.dell.com/support/article/en-us/sln321723/june-2020-intel-platform-update-ipu-2020-1-impact-on-dell-and-dell-emc-products?lang=en

https://www.dell.com/support/article/en-us/sln321727/dsa-2020-143-dell-client-platform-security-update-for-intel-platform-updates-2020-1?lang=en

Servers:

HPE:

https://techhub.hpe.com/eginfolib/securityalerts/Ripple20/Ripple20.html

HPE – ProLiant Gen10 iLO 5 vulnerabilities.

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04012en_us

No other hardware supported by Canon Medical has been determined affected.

RESOLUTION
Canon Medical strongly recommends installing the vendor patches and updates as soon as possible.

Patches for all impacted versions can be found at the links in the References section above.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: March 11, 2020

Updated: March 12, 2020

Microsoft has released a security advisory ADV200005 and has published an update that includes the affected software versions as well as an appropriate patch for each.

Patches and affected software mapping can be found here CVE-2020-0796. You may also install the patch by running Windows Update.

VULNERABILITY SUMMARY

Microsoft is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client.

To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it.

Microsoft will update its advisory listed above when further updates are available.

REFERENCES

MITRE is tracking this vulnerability as CVE-2020-0796.

RESOLUTION

Canon Medical strongly recommends installing this patch as well as all security patches provided by Microsoft.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: January 19, 2020

Microsoft has released a security advisory (ADV200001) that currently only includes workarounds and mitigations that can be applied in order to safeguard vulnerable systems from attacks. At the time of writing, there is no patch yet available for this issue. Microsoft said it is working on a fix, to be released at a later date.

While Microsoft said it was aware that the IE zero-day was being exploited in the wild, the company described these as “limited targeted attacks,” suggesting the zero-day was not broadly exploited, but rather that it was part of attacks aimed at a small number of users. These limited IE zero-day attacks are believed to be part of a larger hacking campaign, which also involves attacks against Firefox users.

VULNERABILITY SUMMARY

A remote code execution (RCE) vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.

REFERENCES

This IE RCE zero-day is also tracked as CVE-2020-0674

RESOLUTION

While this vulnerability and its current Microsoft-provided workaround is not anticipated to directly affect Canon Medical Products, deployments of said products include the affected Internet Explorer file(s) listed in the advisory. Corporations should follow their company policies when considering the configuration mitigations provided in the Microsoft Advisory ADV200001 linked above.

Canon Medical will continue to monitor announcements and progress regarding future patching for this vulnerability and will distribute updated communication as needed.

Canon Medical recommends installing the Microsoft Monthly Roll-up Updates.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: January 14, 2020

Microsoft has released security updates to address multiple critical remote code execution vulnerabilities, CVE-2020-0609, CVE-2020-0610 and CVE-2020-0611.

VULNERABILITY SUMMARIES

Windows Remote Desktop Server Vulnerabilities – CVE-2020-0609/CVE-2020-0610

A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems RD Gateway via RDP.

The update addresses the vulnerability by correcting how RD Gateway handles connection requests.

CVE-2020-0609/CVE-2020-0610:

• Affects all supported Windows Server versions (Server 2012 and newer; support for Server 2008 ends January 14, 2020);
• Occurs pre-authentication; and
• Requires no user interaction to perform.

The Microsoft Security Advisories for CVE-2020-0609 and CVE-2020-0610 address these vulnerabilities.

Windows Remote Desktop Client Vulnerability – CVE-2020-0611

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect.

The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.

CVE-2020-0611:

• Affects all supported Windows Server and Workstation versions (Support for Server 2008 and Windows 7 ends January 14, 2020)

The Microsoft Security Advisory for CVE-2020-0611 addresses this vulnerability.

RESOLUTION
Microsoft strongly recommends installing the Windows Updates as soon as possible.

Patches for all impacted versions can be found at the specific CVE links in the summary sections above.

Canon Medical recommends installing the Microsoft Monthly Roll-up Updates.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: October 31st, 2019

Google has released Chrome version 78.0.3904.87 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities (CVE-2019-13720) was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

VULNERABILITY SUMMARY:

Google is currently not publishing a summary of the vulnerability.

The following is an announcement from the link provided above:

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

REFERENCES:

• MITRE Advisory

RESOLUTION:
Canon Medical recommends checking  your Chrome browser Help->About Google Chrome and confirming that you’re on the latest Chrome update 78.0.3904.87.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: September 23, 2019

Microsoft has released an out of band security updates to address a scripting engine memory corruption vulnerability, CVE-2019-1367 for the following version of Internet Explorer:

• Internet Explorer 11

VULNERABILITY SUMMARY:

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

REFERENCES:

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and users and administrators to review the following resources and apply the necessary updates:

• Microsoft Security Vulnerability Information for  CVE-2019-1367

Other useful references:

• MITRE Advisory
• National Vulnerability Database

RESOLUTION:
Microsoft strongly recommends installing the Windows Update as soon as possible.

There is a vulnerability that is being actively exploited in the wild.

Canon Medical recommends installing the Microsoft patches as they are released.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: August 14, 2019

Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems:

• Windows 7 SP1
• Windows Server 2008 R2 SP1
• Windows Server 2012
• Windows 8.1
• Windows Server 2012 R2
• Windows 10

VULNERABILITY SUMMARY:

An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708 – dubbed BlueKeep and announced in June 2019 – these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems.

REFERENCES:

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and users and administrators to review the following resources and apply the necessary updates:

• Microsoft Security Vulnerability Information for  CVE-2019-1181
• Microsoft Security Vulnerability Information for CVE-2019-1182

Other useful references:

• Microsoft Security Blog Post: Protect Against BlueKeep
• Microsoft Customer Guidance for CVE-2019-0708
• Microsoft Security Blog Post: Patch New Wormable Vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

RESOLUTION:
Microsoft strongly recommends installing the Windows Update as soon as possible.

Both patches for all impacted versions can be found at the specific CVE links in the References section above.

Canon Medical recommends installing the Microsoft Monthly Roll-up Updates.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: July 19, 2019

DICOM.org has reported the following Security Advisory:

VULNERABILITY SUMMARY

The DICOM Standards Organization has reported a data validation vulnerability in the preamble defined by the DICOM File format. According to this report, the vulnerability is exploitable by embedding executable code into the 128-byte preamble. A malicious actor could modify a DICOM file preamble so that it is treated as both an executable program and as a DICOM file. A user might be somehow convinced to execute the file.

Note:

The DICOM Network Communications protocol between modalities, PACS, and display systems does not transmit a preamble and is not subject to this vulnerability.

References:

DICOM FAQ Response to 128-byte preamble vulnerability

RESOLUTION

Review link provided above for details and vulnerability scenarios.

For Canon Medical customers, always exercise caution by reviewing or AV (Antivirus)  scanning the contents of any portable media (CDs, USBs, etc.) to determine that all files are legitimate DICOM files. Canon Medical recommends that affected users reach out to their specific AV vendor to determine if their solution properly scans for the affected file type. In the situation where an AV solution cannot be installed, affected users should take steps to make sure that they have processes and procedures in place to scan portable/removable media for suspicious files before introducing the media into their medical networks.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: June 20, 2019

Microsoft® has provided the following Security Bulletin for the Remote Desktop Services Remote Code Execution Vulnerability (a.k.a. BlueKeep) Vulnerability CVE-2019-0708:

VULNERABILITY SUMMARY
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.

The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.

References:

• CVE-2019-0708 – From the National Vulnerability Database
• CVE-2019-0708 – Microsoft Security Announcement

Only impacted versions are listed:

• Windows 7 for X64-based Systems Service Pack 1 for Vitrea 6.x and Vitrea 7.x
• Windows Server 2008 R2 for x64-based Systems Service Pack 1 for Vitrea 6.x

RESOLUTION
Microsoft strongly recommends taking the Windows Update as soon as possible.

The required patches for all impacted versions can be found here.

Canon Medical recommends taking the Microsoft Monthly Updates.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: June 17, 2019

Hewlett Packard Enterprise has provided the following Security Bulletin:

VULNERABILITY SUMMARY
Vulnerabilities discovered in HPE Integrated Lights-Out 4 (iLO 4) for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers could be exploited remotely to allow Cross-Site Scripting (XSS), Unauthorized Data Injection, and Buffer Overflow.

References:

• CVE-2019-11982 – Cross-Site Scripting (XSS)
• CVE-2019-11983 – Buffer overflow in CLI
• CVE-2018-7117 – Cross-Site Scripting (XSS)

Only impacted versions are listed:

• HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers 1.39 and earlier
• HPE Integrated Lights-Out 4 (iLO 4) 2.61b and earlier

RESOLUTION
HPE has provided updated firmware for Integrated Lights-Out 4 (iLO 4) for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 to resolve these issues.

• For iLO 4 (GEN 9), acquire firmware version 2.70 (or later) here and install it
• For iLO 5 (GEN 10), acquire firmware version 1.40 (or later) here and install it

Hewlett Packard Enterprise strongly recommends the information in this Security Bulletin should be acted upon as soon as possible.

Canon Medical recommends subscribing to the Hewlett Packard Enterprise Security Bulletins for future security updates.

Disclaimer: When following any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions, please contact Canon Medical Customer Success.

Published: June 3, 2019

HPE has provided the following Security Announcement:

On May 14, 2019, Intel and other industry partners shared details and information about a new group of vulnerabilities collectively called Microarchitectural Data Sampling (MDS).  These security vulnerabilities in CPUs may allow information disclosure. Intel is releasing microcode updates (MCU) to mitigate these potential vulnerabilities. These are coupled with corresponding updates to operating system and hypervisor software.

More details are available through CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, and the Intel Security Advisory.

Impact assessment for HPE Products is available here.

Additional details on HPE Support Center.

Disclaimer: If you follow the any of the links provided you will be leaving Canon Medical’s website. Canon Medical is not responsible for the content, security or availability of linked sites.

If you have any questions please contact Canon Medical Customer Success.

Published: June 4, 2018

Microsoft has recently released a security update for a vulnerability in Remote Desktop Services(RDS). It has been reported that if two machines do not have the same RDS patch install level, an incompatibility issue between them can prevent log in.

This RDS update has been released through the standard Windows Update distribution channels and will be installed to those machines taking the standard monthly Windows Updates.

The RDS security update details are here: