New Invasive Cardiology Product Security

Hemodynamic Recording, Electrophysiology Recording, and Cardiovascular Information Technologies

Security Patches

PrintNightmare (CVE-2021-34527) Vulnerability

    Customers interested in protection from this vulnerability may apply the workarounds developed by Microsoft to address this vulnerability as a preventative measure:
    1. For AltiX / AltiX BT21, KB5004948(Windows 10 1607 LTSB / Windows Server 2016) and KB5004947 (Windows 10 1809 LTSC) released by Microsoft are qualified.
    2. For MLCL v6.9,v6.9.5,v6.9.6 R1,v6.9.6 R2,v6.9.6 R3:
    a. For INW Servers (Windows Server 2008 R2), the Microsoft recommended workaround may be used to disable the Print Spooler service (option 1).
    b. Disabling the Print Spooler service (option 1) on Client Systems ( Windows 7) would impact the ability to print Word reports, perform a 12 lead print, etc. The policy update workaround (option 2) would allow printing only to a directly attached printer. If access to the network printer is not required or for your enterprise a mitigation is required until qualified patch is made available, the Microsoft published workaround through policy(option 2) can be used on the client systems in the network.
    Currently released Microsoft Workarounds are available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability
1.Does not impact ALTIX (V7) servers as they are not configured as DNS server.
2.For Mac-Lab/CardioLab V6.9, 6.9.5 and 6.9.6 R1/R2/R3 on Windows 2008 R2 SP1 server,
Microsoft has released a patch that addresses the vulnerability which is available for customers who have purchased Extended Support Updates (ESU). For these customers, it is recommended that the security update KB4565539 be applied to all Mac-Lab/CardioLab systems in the network instead of the workaround.

CVE-2020-10713 - BootHole (GRUB) Vulnerability Recommendation:
Set BIOS Admin Password to prevent alteration of the BIOS Setup configuration, such as the boot device, and Secure Boot mode. For AltiX, instructions are included in Privacy and Security Manual.

Based on the configuration v6.9.6 R1, v6.9.6 R2, v6.9.6 R3, v6.9.5 & v6.9 are not impacted.
Based on the configuration AltiX Acquisition systems are not impacted.
All AltiX Software Only Systems (including INW Server) are customer managed hardware. Please check the impact and take steps appropriately.
For AltiX, Review Systems are configured by default to allow booting to internal boot device, additionally customer can set BIOS Admin Password as stated above.

CHANGES FOR ALTIX BT21 (V7.1):
  • Refer to Security Patch Updates(last updated 19 July 2021) for list of qualified patches
  • Only qualified patches to be applied on the system. Refer the above document.
  • Customers using Microsoft Defender to update Microsoft Malware Protection Engine to version 1.1.17700.4 or later. Microsoft Defender to be disabled, if other anti-malware solution is used (CVE-2019-1255, CVE-2021-1647).
  • Following would be notified in this website from time to time:
    • Issues related to Windows OS and Third Party Security Only Patches (if any).
    • Recommended actions for notified issues.
  • Security patches at release: List of security patches installed at release (last updated 14 April 2021)
  • CHANGES FOR ALTIX (v7):
    • Refer to Security Patch Updates(last updated 19 July 2021) for list of qualified patches
    • Only qualified patches to be applied on the system. Refer the above document.
    • Customers using Microsoft Defender to update Microsoft Malware Protection Engine to version 1.1.17700.4 or later. Microsoft Defender to be disabled, if other anti-malware solution is used (CVE-2019-1255, CVE-2021-1647).
    • ➢ Latest Non-OS qualified security patches: None (last updated 16 September 2019)
    Changes for 6.9.6 Release 3:Added qualified patches and unqualified vulnerabilities
    Changes for 6.9.6 Release 2: Added qualified patches and unqualified vulnerabilities
    Changes for 6.9.6 Release 1: Added qualified patches and unqualified vulnerabilities
    Changes for 6.9.5 and 6.9: Added qualified patches and unqualified vulnerabilities

    Changes for Pre-6.9: Qualified new security patches

    Pre-6.9: Security patch updates (last updated 16 August 2019)

    Anti-Virus Instructions

    CHANGES FOR ALTIX BT21 (V7.1): QUALIFIED INSTALLATION INSTRUCTIONS
    Anti-Virus Installation Instructions (last updated 16 April 2020)
    CHANGES FOR ALTIX (V7): QUALIFIED INSTALLATION INSTRUCTIONS
    Anti-Virus Installation Instructions (last updated 2 April 2019)
    Changes for 6.9.6 Release 3: Qualified installation instructions and added additional translations
    Changes for 6.9.6 Release 2: Added German and French translations
    Changes for 6.9.6 Release 1: None

    Changes for Pre-6.9, 6.9, 6.9.5: None

    Pre-6.9, 6.9, 6.9.5: Anti-Virus Installation Instructions (last updated 22 August 2019)

    Software Requirements

    Hemodynamic Recording, Electrophysiology Recording, and Cardiovascular Information Technologies

    Security Patches

    PrintNightmare (CVE-2021-34527) Vulnerability

      Customers interested in protection from this vulnerability may apply the workarounds developed by Microsoft to address this vulnerability as a preventative measure:
      1. For AltiX / AltiX BT21, KB5004948(Windows 10 1607 LTSB / Windows Server 2016) and KB5004947 (Windows 10 1809 LTSC) released by Microsoft are qualified.
      2. For MLCL v6.9,v6.9.5,v6.9.6 R1,v6.9.6 R2,v6.9.6 R3:
      a. For INW Servers (Windows Server 2008 R2), the Microsoft recommended workaround may be used to disable the Print Spooler service (option 1).
      b. Disabling the Print Spooler service (option 1) on Client Systems ( Windows 7) would impact the ability to print Word reports, perform a 12 lead print, etc. The policy update workaround (option 2) would allow printing only to a directly attached printer. If access to the network printer is not required or for your enterprise a mitigation is required until qualified patch is made available, the Microsoft published workaround through policy(option 2) can be used on the client systems in the network.
      Currently released Microsoft Workarounds are available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
    CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability
    1.Does not impact ALTIX (V7) servers as they are not configured as DNS server.
    2.For Mac-Lab/CardioLab V6.9, 6.9.5 and 6.9.6 R1/R2/R3 on Windows 2008 R2 SP1 server,
    Microsoft has released a patch that addresses the vulnerability which is available for customers who have purchased Extended Support Updates (ESU). For these customers, it is recommended that the security update KB4565539 be applied to all Mac-Lab/CardioLab systems in the network instead of the workaround.

    CVE-2020-10713 - BootHole (GRUB) Vulnerability Recommendation:
    Set BIOS Admin Password to prevent alteration of the BIOS Setup configuration, such as the boot device, and Secure Boot mode. For AltiX, instructions are included in Privacy and Security Manual.

    Based on the configuration v6.9.6 R1, v6.9.6 R2, v6.9.6 R3, v6.9.5 & v6.9 are not impacted.
    Based on the configuration AltiX Acquisition systems are not impacted.
    All AltiX Software Only Systems (including INW Server) are customer managed hardware. Please check the impact and take steps appropriately.
    For AltiX, Review Systems are configured by default to allow booting to internal boot device, additionally customer can set BIOS Admin Password as stated above.

    CHANGES FOR ALTIX BT21 (V7.1):
  • Refer to Security Patch Updates(last updated 19 July 2021) for list of qualified patches
  • Only qualified patches to be applied on the system. Refer the above document.
  • Customers using Microsoft Defender to update Microsoft Malware Protection Engine to version 1.1.17700.4 or later. Microsoft Defender to be disabled, if other anti-malware solution is used (CVE-2019-1255, CVE-2021-1647).
  • Following would be notified in this website from time to time:
    • Issues related to Windows OS and Third Party Security Only Patches (if any).
    • Recommended actions for notified issues.
  • Security patches at release: List of security patches installed at release (last updated 14 April 2021)
  • CHANGES FOR ALTIX (v7):
    • Refer to Security Patch Updates(last updated 19 July 2021) for list of qualified patches
    • Only qualified patches to be applied on the system. Refer the above document.
    • Customers using Microsoft Defender to update Microsoft Malware Protection Engine to version 1.1.17700.4 or later. Microsoft Defender to be disabled, if other anti-malware solution is used (CVE-2019-1255, CVE-2021-1647).
    • ➢ Latest Non-OS qualified security patches: None (last updated 16 September 2019)
    Changes for 6.9.6 Release 3:Added qualified patches and unqualified vulnerabilities
    Changes for 6.9.6 Release 2: Added qualified patches and unqualified vulnerabilities
    Changes for 6.9.6 Release 1: Added qualified patches and unqualified vulnerabilities
    Changes for 6.9.5 and 6.9: Added qualified patches and unqualified vulnerabilities

    Changes for Pre-6.9: Qualified new security patches

    Pre-6.9: Security patch updates (last updated 16 August 2019)

    Anti-Virus Instructions

    CHANGES FOR ALTIX BT21 (V7.1): QUALIFIED INSTALLATION INSTRUCTIONS
    Anti-Virus Installation Instructions (last updated 16 April 2020)
    CHANGES FOR ALTIX (V7): QUALIFIED INSTALLATION INSTRUCTIONS
    Anti-Virus Installation Instructions (last updated 2 April 2019)
    Changes for 6.9.6 Release 3: Qualified installation instructions and added additional translations
    Changes for 6.9.6 Release 2: Added German and French translations
    Changes for 6.9.6 Release 1: None

    Changes for Pre-6.9, 6.9, 6.9.5: None

    Pre-6.9, 6.9, 6.9.5: Anti-Virus Installation Instructions (last updated 22 August 2019)

    Software Requirements