Product Security

Dear Valued bioMérieux Customer,

This letter is to raise your awareness of the Remote Desktop Services Remote Code Execution vulnerability targeting Microsoft Windows® operating systems that was reported globally by Microsoft on August 13, 2019. This vulnerability targets the Remote Desktop Protocol (RDP) on several Microsoft Windows operating systems. bioMérieux, Inc. devices rely on RDP as a critical function to providing remote support and accessibility, and therefore bioMérieux provides recommendations to protect against this vulnerability.

Summary

Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.

Impacted systems in this communication's scope

BACT/ALERT® VIRTUO® OBSERVA®
DIVERSILAB® PREVI® ISOLA
EASYSTREAM® TEMPO®
EMAG® VIDAS® 3
ESTREAM® VIDAS® PC
GENE UP® VLINK®
MYLA® VITEK® 2
NUCLISENS® easyMAG® VITEK® MS
NUCLISENS EASYQ® Chemunex systems*

* (ScanRDI W10, D-Count 25/50). It is not recommended to connect the following systems to the network: ChemScan XP & W7, ScanRDI W7, D-Count II/BactiFlow ALS XP & W7 & W10.

Which versions are impacted

Summary of impacted OS versions:

  • Microsoft Windows® Embedded Standard 7 SP0
  • Microsoft Windows® Embedded Standard 7 SP1
  • Microsoft Windows® Server 2008 R2 SP1
  • Microsoft Windows® 10
  • Microsoft Windows® Server 2016

Recommendations

Update systems running Microsoft Windows® as soon as possible using the below guidelines:

  • Windows Embedded Standard 7 SP1 / Windows Server 2008 R2 SP1:
    Install August 2019 Windows Monthly Rollup
  • Windows10 and Windows Server 2016:
    Install August 2019 Windows Monthly Update
  • Network Level Authentication (NLA): NLA is not to be enabled if currently disabled
  • Block TCP port 3389 at the enterprise perimeter firewall
  • Apply Windows security updates as they become available
  • Apply Windows security updates manually
  • Apply Windows security updates one at a time 
  • Do not update Internet Explorer or download other software updates without consulting your IT department and bioMérieux Customer Support.
  • Disconnect or isolate systems which can’t be updated on an isolated network
  • Replace all systems out of support by the latest available supported version
  • Never expose bioMérieux systems directly to the internet

Additional Resources

If there are any questions or concerns, please reach out to your IT department and the bioMérieux Customer Support Center at 1-800-682-2666 for assistance.

 

Sincerely, 

US Commercial Operations

 

MAR 4495 • PRN 054449 Rev01.A

Pioneering Diagnostics