Publication Date: 29 October 2020 

Update Date: 29 October 2020

 

Philips is currently monitoring developments and updates related to the recent joint cybersecurity advisory coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS), which is related to recent ransomware attacks on healthcare organizations.

 

The advisory highlighted Ryuk ransomware campaign's threat, which exploits the Microsoft Netlogon vulnerability (CVE-2020-1472). The Microsoft netlogon vulnerability is an escalation of privilege vulnerability. As reported by Microsoft, an elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.

 

As part of product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing Microsoft Operating Systems for potential impacts from these reported vulnerabilities and validating actions. Philips is also monitoring for OS updates related to these vulnerabilities and evaluating further possible actions as needed.

 

Microsoft is addressing the vulnerability in a phased two-part rollout, the first part Microsoft released a patch in August, with the second part projected for early next year. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. Philips is currently in the process of evaluating the Microsoft patch and vendor recommended mitigation options. According to Microsoft, to exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.


Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.

 

If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation will be produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. As the Zerologon advisory posted on www.philips.com/productsecurity is updated by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.

 

Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. If customers still have questions, all customers (contract-entitled or otherwise)  are encouraged to contact their local service support team or regional product service support as appropriate for up to date information specific to their Philips’ products.