SARS-CoV-2 Test Development Information

Produktsicherheitsupdates

CryptoAPI

January 20th, 2020

Background

On January 14, 2020, Microsoft released patches to remediate 49 vulnerabilities within their monthly Patch Tuesday announcement. Amongst the available patches, is the vulnerability (CVE-2020-0601) affecting Microsoft Windows cryptographic functionality known as Windows CryptoAPI. The vulnerability affects GeneXpert systems running on Windows 10 Professional.

Response

Cepheid is aware of this identified vulnerability and is currently monitoring related developments. Cepheid has not received any reports of these vulnerabilities affecting the clinical use of our products and is evaluating the potential impact of the vulnerability on its products.

Cepheid has not yet confirmed compatibility of its GeneXpert systems with patches that mitigate CVE-2020-0601. The compatibility testing process is underway, and we expect it to be completed within the next several weeks.   

If you would like to be notified when compatibility testing is completed, please contact your local Cepheid Technical support team or email Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!.

DejaBlue

September 13, 2019

Background

On August 13, 2019 Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.

The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.

Windows XP, Windows Server 2003, and Windows Server 2008 are not affected, nor is the Remote Desktop Protocol (RDP) itself affected.

Response

Cepheid has validated the installation of the following Microsoft patches for its GeneXpert systems and where appropriate, developed specific customer instructions for those systems. For detailed information on each Cepheid product, please see product list below.

If you have any questions, please contact your local Cepheid Technical support team or email Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!.

Software Version Patch location Additional Steps
GeneXpert Dx https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226

Install patch for your operating system and build
Restart computer

Xpertise G1 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
Install patch for your operating system and build
Restart computer
Xpertise G2 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
Install patch for your operating system and build
Restart computer
GeneXpert Xpress https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
Install patch for your operating system and build
Restart computer
Cepheid Link https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
Install patch for your operating system and build
Restart computer
XpertCheck https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
Install patch for your operating system and build
Restart computer

Sicherheitslücke CVE-2019-0708 im Remotedesktopprotokoll (Bluekeep)

Updated July 25, 2019

Hintergrund

Am 15. Mai 2019 veröffentlichte Microsoft einen Patch für eine kritische Sicherheitslücke bezüglich der Remote-Code-Ausführung in den Remotedesktopdiensten (CVE-2019-0708). CVE-2019-0708 ist eine Sicherheitslücke, kein Virus. Diese Sicherheitslücke ist aus der Ferne ohne Authentifizierung bei Systemen ausnutzbar, die Remotedesktopdienste im Rahmen von Windows XP und Windows 7 nutzen. 

Reaktion

Cepheid has validated the installation of the Microsoft patch for CVE-2019-0708 and where appropriate, developed specific customer instructions for those systems. For detailed information on each Cepheid product, please see products list below.

If you have any questions, please contact your local Cepheid Technical support team or email Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!

Product Line

Patch location

Additional Steps

Dx SW

Win XP: https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Win 7: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Restart PC after installation of patch

Xpertise SW - G1

Win XP: https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Win 7: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Restart PC after installation of patch

Xpertise SW - G2

Win XP: https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Win 7: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Restart PC after installation of patch

Xpress

Win XP: https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Win 7: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Restart PC after installation of patch

ONCore

Win XP: https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Win 7: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Restart PC after installation of patch

Cepheid Link

Win XP: https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Win 7: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Restart PC after installation of patch

XpertCheck

Win XP: https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Win 7: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Restart PC after installation of patch


Reaktion (June 13, 2019)

Cepheid ist sich dieser identifizierten Sicherheitslücke bewusst und beobachtet derzeit die diesbezüglichen Entwicklungen. Bei Cepheid sind keinerlei Meldungen darüber eingegangen, dass diese Sicherheitslücke den klinischen Nutzen unserer Produkte beeinflusst. Aktuell arbeiten wir an der Bewertung potenzieller Auswirkungen der Sicherheitslücke auf unsere Produkte.

Bis jetzt kann Cepheid noch nicht bestätigen, dass die GeneXpert-Systeme mit Patches zur Behebung der Sicherheitslücke CVE-2019-0708 kompatibel sind. Kompatibilitätsprüfungen sind veranlasst und werden voraussichtlich in den nächsten Wochen abgeschlossen sein.

Falls Sie benachrichtigt werden möchten, sobald die Kompatibilitätsprüfungen abgeschlossen sind, wenden Sie sich bitte an Ihr zuständiges technisches Kundendienstteam von Cepheid oder schicken Sie eine E-Mail an Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!