New Invasive Cardiology Product Security

Hemodynamic Recording, Electrophysiology Recording, and Cardiovascular Information Technologies

Security Patches

CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability
1.Does not impact ALTIX (V7) servers as they are not configured as DNS server.
2.For Mac-Lab/CardioLab V6.9, 6.9.5 and 6.9.6 R1/R2/R3 on Windows 2008 R2 SP1 server,


Microsoft has released a patch that addresses the vulnerability which is available for customers who have purchased Extended Support Updates (ESU). For these customers, it is recommended that the security update KB4565539 be applied to all Mac-Lab/CardioLab systems in the network instead of the workaround.

CVE-2020-10713 - BootHole (GRUB) Vulnerability Recommendation:
Set BIOS Admin Password to prevent alteration of the BIOS Setup configuration, such as the boot device, and Secure Boot mode. For AltiX, instructions are included in Privacy and Security Manual.

Based on the configuration v6.9.6 R1, v6.9.6 R2, v6.9.6 R3, v6.9.5 & v6.9 are not impacted.
Based on the configuration AltiX Acquisition systems are not impacted.
All AltiX Software Only Systems (including INW Server) are customer managed hardware. Please check the impact and take steps appropriately.
For AltiX, Review Systems are configured by default to allow booting to internal boot device, additionally customer can set BIOS Admin Password as stated above.

CHANGES FOR ALTIX BT21 (V7.1):
  • Refer to Security Patch Updates(last updated 18 August 2020) for list of qualified patches
  • For all applicable patches, only apply qualified patches.
    • Latest qualified OS security patches: July 2020
    • Latest qualified Non-OS security patches: April 2020
  • Following would be notified in this website from time to time:
    • Issues related to Windows OS and Third Party Security Only Patches (if any).
    • Recommended actions for notified issues.
  • Security patches at release: List of security patches installed at release: (last updated 30 July 2020)
  • CHANGES FOR ALTIX (v7):
    • Refer to AltiX:Security Patch Updates(last updated 18 August 2020) for list of qualified patches
    • Only qualified patches to be applied on the system. Refer the above document.
    • Customers using Microsoft Defender to update Microsoft Malware Protection Engine to version 1.1.16400.2 or later. Microsoft Defender to be disabled, if other anti-malware solution is used (CVE-2019-1255).
    • ➢ Latest Non-OS qualified security patches: None (last updated 16 September 2019)
    Changes for 6.9.6 Release 3:Added qualified patches and unqualified vulnerabilities
    Changes for 6.9.6 Release 2: Added qualified patches and unqualified vulnerabilities
    Changes for 6.9.6 Release 1: Added qualified patches and unqualified vulnerabilities
    Changes for 6.9.5 and 6.9: Added qualified patches and unqualified vulnerabilities

    Changes for Pre-6.9: Qualified new security patches

    Pre-6.9: Security patch updates (last updated 16 August 2019)

    Anti-Virus Instructions

    CHANGES FOR ALTIX BT21 (V7.1): QUALIFIED INSTALLATION INSTRUCTIONS
    Anti-Virus Installation Instructions (last updated 16 April 2020)
    CHANGES FOR ALTIX (V7): QUALIFIED INSTALLATION INSTRUCTIONS
    Anti-Virus Installation Instructions (last updated 2 April 2019)
    Changes for 6.9.6 Release 3: Qualified installation instructions and added additional translations
    Changes for 6.9.6 Release 2: Added German and French translations
    Changes for 6.9.6 Release 1: None

    Changes for Pre-6.9, 6.9, 6.9.5: None

    Pre-6.9, 6.9, 6.9.5: Anti-Virus Installation Instructions (last updated 22 August 2019)

    Software Requirements

    Hemodynamic Recording, Electrophysiology Recording, and Cardiovascular Information Technologies

    Security Patches

    CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability
    1.Does not impact ALTIX (V7) servers as they are not configured as DNS server.
    2.For Mac-Lab/CardioLab V6.9, 6.9.5 and 6.9.6 R1/R2/R3 on Windows 2008 R2 SP1 server,


    Microsoft has released a patch that addresses the vulnerability which is available for customers who have purchased Extended Support Updates (ESU). For these customers, it is recommended that the security update KB4565539 be applied to all Mac-Lab/CardioLab systems in the network instead of the workaround.

    CVE-2020-10713 - BootHole (GRUB) Vulnerability Recommendation:
    Set BIOS Admin Password to prevent alteration of the BIOS Setup configuration, such as the boot device, and Secure Boot mode. For AltiX, instructions are included in Privacy and Security Manual.

    Based on the configuration v6.9.6 R1, v6.9.6 R2, v6.9.6 R3, v6.9.5 & v6.9 are not impacted.
    Based on the configuration AltiX Acquisition systems are not impacted.
    All AltiX Software Only Systems (including INW Server) are customer managed hardware. Please check the impact and take steps appropriately.
    For AltiX, Review Systems are configured by default to allow booting to internal boot device, additionally customer can set BIOS Admin Password as stated above.

    CHANGES FOR ALTIX BT21 (V7.1):
  • Refer to Security Patch Updates(last updated 18 August 2020) for list of qualified patches
  • For all applicable patches, only apply qualified patches.
    • Latest qualified OS security patches: July 2020
    • Latest qualified Non-OS security patches: April 2020
  • Following would be notified in this website from time to time:
    • Issues related to Windows OS and Third Party Security Only Patches (if any).
    • Recommended actions for notified issues.
  • Security patches at release: List of security patches installed at release: (last updated 30 July 2020)
  • CHANGES FOR ALTIX (v7):
    • Refer to AltiX:Security Patch Updates(last updated 18 August 2020) for list of qualified patches
    • Only qualified patches to be applied on the system. Refer the above document.
    • Customers using Microsoft Defender to update Microsoft Malware Protection Engine to version 1.1.16400.2 or later. Microsoft Defender to be disabled, if other anti-malware solution is used (CVE-2019-1255).
    • ➢ Latest Non-OS qualified security patches: None (last updated 16 September 2019)
    Changes for 6.9.6 Release 3:Added qualified patches and unqualified vulnerabilities
    Changes for 6.9.6 Release 2: Added qualified patches and unqualified vulnerabilities
    Changes for 6.9.6 Release 1: Added qualified patches and unqualified vulnerabilities
    Changes for 6.9.5 and 6.9: Added qualified patches and unqualified vulnerabilities

    Changes for Pre-6.9: Qualified new security patches

    Pre-6.9: Security patch updates (last updated 16 August 2019)

    Anti-Virus Instructions

    CHANGES FOR ALTIX BT21 (V7.1): QUALIFIED INSTALLATION INSTRUCTIONS
    Anti-Virus Installation Instructions (last updated 16 April 2020)
    CHANGES FOR ALTIX (V7): QUALIFIED INSTALLATION INSTRUCTIONS
    Anti-Virus Installation Instructions (last updated 2 April 2019)
    Changes for 6.9.6 Release 3: Qualified installation instructions and added additional translations
    Changes for 6.9.6 Release 2: Added German and French translations
    Changes for 6.9.6 Release 1: None

    Changes for Pre-6.9, 6.9, 6.9.5: None

    Pre-6.9, 6.9, 6.9.5: Anti-Virus Installation Instructions (last updated 22 August 2019)

    Software Requirements