The BlueKeep issue is a remote code execution vulnerability in Remote Desktop Services (RDS) that it can be exploited by an unauthenticated attacker by connecting to the targeted system via the RDP and sending specially crafted requests.
As explained by Microsoft, this vulnerability could be triggered by malware with wormable capabilities, it could be exploited without user interaction, making it possible for malware to spread in an uncontrolled way into the target networks.
Several security experts have already developed their own exploit code for this issue without publicly disclosing it for obvious reasons.
After the release of security updates for the BlueKeep, Siemens started assessing its Healthineers products. Now Siemens has published six security advisories to warn its customers of potential risks,
“Some Siemens Healthineers software products are affected by this vulnerability.” reads an advisory published by Siemens. “The exploitability of the vulnerability depends on the specific configuration and deployment environment of each product. Siemens Healthineers recommends installing the appropriate security patches released by Microsoft.”
The company pointed out that it cannot guarantee the compatibility of Microsoft security patches with products from Siemens Healthineers that are beyond their End of Support.
Impacted products include MagicLinkA, MagicView, Medicalis solutions, Screening Navigator,
For most of the products, the advisories suggest disabling RDP, blocking TCP port 3389, and implementing workarounds suggested by Microsoft.
(SecurityAffairs – Healthineers, BlueKeep)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.