SARS-CoV-2 Test Development Information

Aggiornamenti relativi alla protezione dei prodotti

CryptoAPI

January 20th, 2020

Background

On January 14, 2020, Microsoft released patches to remediate 49 vulnerabilities within their monthly Patch Tuesday announcement. Amongst the available patches, is the vulnerability (CVE-2020-0601) affecting Microsoft Windows cryptographic functionality known as Windows CryptoAPI. The vulnerability affects GeneXpert systems running on Windows 10 Professional.

Response

Cepheid is aware of this identified vulnerability and is currently monitoring related developments. Cepheid has not received any reports of these vulnerabilities affecting the clinical use of our products and is evaluating the potential impact of the vulnerability on its products.

Cepheid has not yet confirmed compatibility of its GeneXpert systems with patches that mitigate CVE-2020-0601. The compatibility testing process is underway, and we expect it to be completed within the next several weeks.   

If you would like to be notified when compatibility testing is completed, please contact your local Cepheid Technical support team or email Questo indirizzo email è protetto dagli spambots. È necessario abilitare JavaScript per vederlo..

DejaBlue

September 13, 2019

Background

On August 13, 2019 Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.

The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.

Windows XP, Windows Server 2003, and Windows Server 2008 are not affected, nor is the Remote Desktop Protocol (RDP) itself affected.

Response

Cepheid has validated the installation of the following Microsoft patches for its GeneXpert systems and where appropriate, developed specific customer instructions for those systems. For detailed information on each Cepheid product, please see product list below.

If you have any questions, please contact your local Cepheid Technical support team or email Questo indirizzo email è protetto dagli spambots. È necessario abilitare JavaScript per vederlo..

Software Version Patch location Additional Steps
GeneXpert Dx https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226

Install patch for your operating system and build
Restart computer

Xpertise G1 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
Install patch for your operating system and build
Restart computer
Xpertise G2 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
Install patch for your operating system and build
Restart computer
GeneXpert Xpress https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
Install patch for your operating system and build
Restart computer
Cepheid Link https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
Install patch for your operating system and build
Restart computer
XpertCheck https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
Install patch for your operating system and build
Restart computer

CVE-2019-0708 Vulnerabilità di Remote Desktop Protocol (RDP) (BlueKeep)

Updated July 25, 2019

Premessa

Il 15 maggio 2019, Microsoft ha rilasciato una patch relativa ad una vulnerabilità legata all’esecuzione di un codice critico in Servizi Desktop remoto (CVE-2019-0708). CVE-2019-0708 è una vulnerabilità, non un virus. Questa vulnerabilità può essere sfruttata in modalità remota senza autenticazione sui sistemi che utilizzano Servizi Desktop remoto come parte di Windows XP e Windows 7. 

Response

Cepheid has validated the installation of the Microsoft patch for CVE-2019-0708 and where appropriate, developed specific customer instructions for those systems. For detailed information on each Cepheid product, please see products list below.

If you have any questions, please contact your local Cepheid Technical support team or email Questo indirizzo email è protetto dagli spambots. È necessario abilitare JavaScript per vederlo.

Product Line

Patch location

Additional Steps

Dx SW

Win XP:  https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Win 7:  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Restart PC after installation of patch

Xpertise SW - G1

Win XP:  https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Win 7:  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Restart PC after installation of patch

Xpertise SW - G2

Win XP:  https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Win 7:  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Restart PC after installation of patch

Xpress

Win XP:  https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Win 7:  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Restart PC after installation of patch

ONCore

Win XP:  https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Win 7:  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Restart PC after installation of patch

Cepheid Link

Win XP:  https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Win 7:  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Restart PC after installation of patch

XpertCheck

Win XP:  https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Win 7:  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Restart PC after installation of patch


Risposta (June 13, 2019)

Cepheid è consapevole di questa vulnerabilità identificata e sta attualmente monitorando gli sviluppi correlati. Cepheid non ha ricevuto alcuna segnalazione che questa vulnerabilità comprometta l’uso clinico dei suoi prodotti e sta valutando il potenziale impatto della vulnerabilità sui medesimi.

Cepheid non ha ancora confermato la compatibilità dei suoi sistemi GeneXpert con le patch che mitigano CVE-2019-0708. Il processo di test della compatibilità è attualmente in corso e prevediamo di portarlo a termine entro le prossime settimane.

Per ricevere una notifica non appena i test di compatibilità saranno conclusi, La preghiamo di contattare il team locale dell’Assistenza Tecnica di Cepheid o di inviare un messaggio di posta elettronica Questo indirizzo email è protetto dagli spambots. È necessario abilitare JavaScript per vederlo.