PRODUCT SECURITY BULLETIN: Microsoft CryptoAPI spoofing

Publication Date: 02/11/2020
Last Updated: 02/11/2020

Abbott is monitoring developments related to the recently published CISA Alert (Alert AA20-014A) identifying vulnerabilities in Microsoft’s Windows CryptoAPI, an application programming interface that enables developers to secure Windows-based applications. This vulnerability could allow an attacker to spoof code-signing certificate validation, enabling unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization. This vulnerability affects all machines running 32- or 64-bit Windows 10 operating systems, including Windows Server versions 2016 and 2019.

The vast majority of Abbott products are unaffected by this advisory. For those products that do use the impacted operating system, Abbott’s product security and quality teams are evaluating the vulnerabilities for potential impact, including further actions and updates that may be required. There are currently no known exploits of Abbott products related to CryptoAPI.

Affected Products

Abbott is providing the list below to assist customers in identifying Abbott products that could potentially be impacted by the Windows 10 CryptoAPI vulnerability. This list below is subject to change based on additional information related to impacted operating systems, operating system vendor actions and additional impacted products that are identified.

 

Product

Impact

Remediation

Alinity ci series

May impact the software update process because Abbott field personnel use ECC certificates locally when updating software.

Note: ECC Certificates are not used for software updates provided over the network.

Abbott is evaluating an update that will include a patch for this vulnerability, expected in 2020.

Additional Information

Customers interested in additional information regarding patches, procedures or configuration changes on any Abbott products should contact their Abbott assigned account or customer support representative.

Abbott is committed to ensuring the safety and security our products. For more information on Abbott’s product cybersecurity program please click here.

 

true
accessibility

You are about to exit for another Abbott country or region specific website

Please be aware that the website you have requested is intended for the residents of a particular country or region, as noted on that site. As a result, the site may contain information on pharmaceuticals, medical devices and other products or uses of those products that are not approved in other countries or regions.


The website you have requested also may not be optimized for your specific screen size.

Do you wish to continue and exit this website?

accessibility

You are about to exit the Abbott family of websites for a 3rd party website

Links which take you out of Abbott worldwide websites are not under the control of Abbott, and Abbott is not responsible for the contents of any such site or any further links from such site. Abbott is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of the linked site by Abbott.


The website that you have requested also may not be optimized for your screen size.

Do you wish to continue and exit this website?