® SecurView 6-0-6 Cybersecurity Product Report 1. A Message to Our Customers Hologic, Inc. continues its dedication and commitment to provide the highest quality products and services to help treat your patients with the best possible experience we can offer. We at Hologic are aware of the threat malicious users and viruses pose. We want you to know about the efforts that we have put forth in evaluating the risks to our products caused by these malicious attacks and computer vulnerabilities, and the countermeasures we take to combat them. Hologic’s Response to Malicious Attacks, Viruses, and Malware Hologic recognizes the need to react quickly to new vulnerabilities that may affect your systems. Of greatest concern to us are ‘Zero Day’ exploits. These are exploits that have not yet been acknowledged by vendors (via a patch or fix method). Hologic has introduced a number of actions to deal with existing and future malicious attacks. They include: • Cybersecurity Team. This team regularly convenes to assess how recent security patch releases may affect our products. • Release of a Best Practices Guide to further minimize any harmful exposure. • On-going monitoring of the information security industry for new vulnerabilities. • Periodic Vulnerability Assessments of Hologic products. 2. Products Affected This document pertains to all SecurView 6-0-6 workstations. 3. Antivirus Protection Hologic acknowledges your concern for obtaining antivirus protection. Therefore, we have evaluated SecurView with several commercial antivirus products. Please review the ‘Antivirus installation instructions’ document specific for each product at http://www.hologic.com/product-support-link/overview/. Please contact your Hologic Customer Service Representative for assistance with installation of these products if you have any questions. Please ensure that you follow our installation and configuration guide to ensure optimal performance and security. We strongly encourage customers to use only antivirus products that we have officially validated, to ensure the continual safety and reliability of our medical related product in order to provide optimal patient care. However, if you insist on using an untested antivirus solution, you use it at your own risk. In the event of system corruption, Hologic will restore the system to the factory default state and will charge for time and materials. 4. Operating System Updates and Security Patches Hologic performs risk analysis to determine the potential consequences of published exploits. We also analyze any risk to the system from applying a security patch. Your Hologic workstation is a medical device and as such, recommended security patches are validated by Hologic for effectiveness. Only Hologic-validated security patches should be installed on your Hologic workstations. If you install these security patches, please follow MAN-01213 Rev 007, January 2011 Page 1 of 9 SecurView 6-0-6 Cybersecurity Product Report the Customer Validation Form provided to ensure the workstation operates properly after installation. Service Packs must be installed and validated by Hologic and cannot be customer validated. The security patches issued in the following Microsoft bulletins have been validated to work with SecurView 6-0-6 running on Windows XP Professional (SP3) and Windows 2003 Server Standard Edition (SP2): MS06-033: Vulnerability in ASP.NET Could Allow Information Disclosure http://www.microsoft.com/technet/security/bulletin/MS06-033.mspx MS06-056: Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure http://www.microsoft.com/technet/security/bulletin/MS06-056.mspx MS07-040: Vulnerabilities in .NET Framework Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS07-040.mspx MS08-032: Cumulative Security Update of ActiveX Kill Bits http://www.microsoft.com/technet/security/bulletin/MS08-032.mspx MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service http://www.microsoft.com/technet/security/bulletin/MS08-036.mspx MS08-048: Security Update for Outlook Express and Windows Mail http://www.microsoft.com/technet/security/bulletin/MS08-048.mspx MS08-050: Vulnerability in Windows Messenger Could Allow Information Disclosure http://www.microsoft.com/technet/security/bulletin/MS08-050.mspx MS08-067: Vulnerability in Server Service Could Allow Remote Code Execution http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx MS08-069: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS08-069.mspx MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS08-076.mspx MS09-006: Vulnerabilities in Windows Kernel Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-006.mspx MS09-007: Vulnerability in SChannel Could Allow Spoofing http://www.microsoft.com/technet/security/bulletin/MS09-007.mspx MS09-010: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx MS09-011: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-011.mspx MS09-012: Vulnerabilities in Windows Could Allow Elevation of Privilege http://www.microsoft.com/technet/security/bulletin/MS09-012.mspx MS09-013: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-013.mspx MS09-014: Cumulative Security Update for Internet Explorer http://www.microsoft.com/technet/security/bulletin/MS09-014.mspx MS09-015: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege http://www.microsoft.com/technet/security/bulletin/MS09-015.mspx MS09-020: Vulnerabilities in IIS Could Allow Elevation of Privilege http://www.microsoft.com/technet/security/bulletin/MS09-020.mspx Page 2 of 9 MAN-01213 Rev 007 SecurView 6-0-6 Cybersecurity Product Report MS09-022: Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-022.mspx MS09-025: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege http://www.microsoft.com/technet/security/bulletin/MS09-025.mspx MS09-026: Vulnerability in RPC Could Allow Elevation of Privilege http://www.microsoft.com/technet/security/bulletin/MS09-026.mspx MS09-028: Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-028.mspx MS09-029: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-029.mspx MS09-032: Cumulative Security Update of ActiveX Kill Bits http://www.microsoft.com/technet/security/bulletin/MS09-032.mspx MS09-034: Cumulative Security Update for Internet Explorer http://www.microsoft.com/technet/security/bulletin/MS09-034.mspx MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-035.mspx MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-037.mspx MS09-038: Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-038.mspx MS09-041: Vulnerability in Workstation Service Could Allow Elevation of Privilege http://www.microsoft.com/technet/security/bulletin/MS09-041.mspx MS09-042: Vulnerability in Telnet Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-042.mspx MS09-044: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-044.mspx MS09-045: Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-045.mspx MS09-046: Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-046.mspx MS09-047: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-047.mspx MS09-051: Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-051.mspx MS09-052: Vulnerability in Windows Media Player Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-052.mspx MS09-054: Cumulative Security Update for Internet Explorer http://www.microsoft.com/technet/security/bulletin/MS09-054.mspx MS09-055: Cumulative Security Update of ActiveX Kill Bits http://www.microsoft.com/technet/security/bulletin/MS09-055.mspx MS09-056: Vulnerabilities in Windows CryptoAPI Could Allow Spoofing http://www.microsoft.com/technet/security/bulletin/MS09-056.mspx MS09-057: Vulnerability in Indexing Service Could Allow Remote Code Execution http://www.microsoft.com/technet/security/bulletin/MS09-057.mspx MAN-01213 Rev 007 Page 3 of 9 SecurView 6-0-6 Cybersecurity Product Report MS09-058: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege http://www.microsoft.com/technet/security/bulletin/MS09-058.mspx MS09-059: Vulnerability in Local Security
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages9 Page
-
File Size-