Hemodynamic Recording, Electrophysiology Recording, and Cardiovascular Information Technologies
CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability
1.Does not impact ALTIX (V7) servers as they are not configured as DNS server.
2.For Mac-Lab/CardioLab V6.9, 6.9.5 and 6.9.6 R1/R2/R3 on Windows 2008 R2 SP1 server,
Microsoft has released a patch that addresses the vulnerability which is available for customers who have purchased Extended Support Updates (ESU). For these customers, it is recommended that the security update KB4565539 be applied to all Mac-Lab/CardioLab systems in the network instead of the workaround.
CVE-2020-10713 - BootHole (GRUB) Vulnerability
Set BIOS Admin Password to prevent alteration of the BIOS Setup configuration, such as the boot device, and Secure Boot mode. For AltiX, instructions are included in Privacy and Security Manual.
Based on the configuration v6.9.6 R1, v6.9.6 R2, v6.9.6 R3, v6.9.5 & v6.9 are not impacted.
Based on the configuration AltiX Acquisition systems are not impacted.
All AltiX Software Only Systems (including INW Server) are customer managed hardware. Please check the impact and take steps appropriately.
For AltiX, Review Systems are configured by default to allow booting to internal boot device, additionally customer can set BIOS Admin Password as stated above.
CHANGES FOR ALTIX BT21 (V7.1):
Refer to Security Patch Updates(last updated 19 November 2020) for list of qualified patches
For all applicable patches, only apply qualified patches.
Following would be notified in this website from time to time:
- Latest qualified OS security patches: July 2020
- Latest qualified Non-OS security patches: April 2020
Security patches at release: List of security patches installed at release: (last updated 01 December 2020)
- Issues related to Windows OS and Third Party Security Only Patches (if any).
- Recommended actions for notified issues.
CHANGES FOR ALTIX (v7):
- Refer to AltiX:Security Patch Updates(last updated 19 November 2020) for list of qualified patches
- Only qualified patches to be applied on the system. Refer the above document.
- Customers using Microsoft Defender to update Microsoft Malware Protection Engine to version 1.1.16400.2 or later. Microsoft Defender to be disabled, if other anti-malware solution is used (CVE-2019-1255).
- ➢ Latest Non-OS qualified security patches: None (last updated 16 September 2019)
Changes for 6.9.6 Release 3:Added qualified patches and unqualified vulnerabilities
Changes for 6.9.6 Release 2: Added qualified patches and unqualified vulnerabilities
Changes for 6.9.6 Release 1: Added qualified patches and unqualified vulnerabilities
Changes for 6.9.5 and 6.9: Added qualified patches and unqualified vulnerabilities
Changes for Pre-6.9: Qualified new security patches
Pre-6.9: Security patch updates (last updated 16 August 2019)
CHANGES FOR ALTIX BT21 (V7.1): QUALIFIED INSTALLATION INSTRUCTIONS
Anti-Virus Installation Instructions (last updated 16 April 2020)
CHANGES FOR ALTIX (V7): QUALIFIED INSTALLATION INSTRUCTIONS
Anti-Virus Installation Instructions (last updated 2 April 2019)
Changes for 6.9.6 Release 3: Qualified installation instructions and added additional translations
Changes for 6.9.6 Release 2: Added German and French translations
Changes for 6.9.6 Release 1: None
Changes for Pre-6.9, 6.9, 6.9.5: None
Pre-6.9, 6.9, 6.9.5: Anti-Virus Installation Instructions (last updated 22 August 2019)