PRODUCT SECURITY BULLETIN: MICROSOFT CRYPTOAPI SPOOFING

Publication Date: 02/11/2020
Last Updated: 02/11/2020

Abbott is monitoring developments related to the recently published CISA Alert (Alert AA20-014A) identifying vulnerabilities in Microsoft’s Windows CryptoAPI, an application programming interface that enables developers to secure Windows-based applications. This vulnerability could allow an attacker to spoof code-signing certificate validation, enabling unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization. This vulnerability affects all machines running 32- or 64-bit Windows 10 operating systems, including Windows Server versions 2016 and 2019.

The vast majority of Abbott products are unaffected by this advisory. For those products that do use the impacted operating system, Abbott’s product security and quality teams are evaluating the vulnerabilities for potential impact, including further actions and updates that may be required. There are currently no known exploits of Abbott products related to CryptoAPI.

Affected Products

Abbott is providing the list below to assist customers in identifying Abbott products that could potentially be impacted by the Windows 10 CryptoAPI vulnerability. This list is subject to change based on additional information related to impacted operating systems, operating system vendor actions and additional impacted products that are identified.

 

Product: Alinity ci series

Impact: May impact the software update process because Abbott field personnel use ECC certificates locally when updating software. Note: ECC certificates are not used for software updates provided over the network.

Remediation: Abbott is evaluating an update that will include a patch for this vulnerability, expected in 2020.


Additional Information

Customers interested in additional information regarding patches, procedures or configuration changes on any Abbott products should contact their Abbott assigned account or customer support representative.

Abbott is committed to ensuring the safety and security of our products. For more information on Abbott’s product cybersecurity program please click here.