ADVISORY / GENERAL GUIDANCE
Philips is aware of the current ransomware campaign known as WannaCry (also known as Ransom-WannaCry, WCry, WanaCrypt, and WanaCrypt0r) which has attacked a large number of organizations and over 300,000 victims around the world in approximately 150 countries. The malware encrypts (locks) computers and demands a payment in Bitcoins, according to information shared online by affected institutions. According to Microsoft, ransomware attacks have been observed to use common email phishing tactics with malicious attachments to infect devices. Once launched, the malware can further spread to adjacent systems on a network by exploiting a Windows vulnerability (in SMBv1). Further information on this Windows vulnerability can be found on the Microsoft website at Microsoft (MS) Customer Guidance for WannaCry Attacks.
The vulnerability to this ransomware was identified and a patch was released by Microsoft on March 14, 2017 (MS17-010) for Microsoft supported versions of Windows (including WinVista, WinServer 2008, Win7, WinServer 2008 R2, Win 8.1, WinServer 2012, Win10, WinServer 2012 R2, and WinServer 2016). In further response specific to this ransomware outbreak, Microsoft also has taken extra steps to release updates for versions of Windows not under Microsoft mainstream support (including WinXP, Win8, and WinServer 2003).
Consistent with Philips Product Security Policy, our global network of product security officers and technical support teams are closely monitoring the situation and continue to take appropriate preventative measures. Philips will continue to work with our customer base to address this malware event and drive any product-specific or customer installation-specific preventative measures such as installation of the latest Microsoft Security Patches, Windows vulnerability containment steps, or other Philips-approved countermeasures as required on Philips products.
INTENDED USE ADVISORY
Philips would like to advise our customers that neither use of an email client nor browsing the Internet is part of the intended use of any Philips product covered by this advisory. Philips products that are not listening on SMB ports (137, 138, 139, 445) or RDP port (3389) are not exposed to this Windows vulnerability provided the product is deployed within Philips product specifications and used in accordance with intended use of the product.
Select Philips products may be affected by the Microsoft vulnerability being exploited by the WannaCry ransomware. The potential for exploitability of any such vulnerability depends on the specific configuration and deployment environment of each product as well as adherence to the intended use of the product.
Preventative measures on Philips products currently affected by this MS Windows vulnerability (listed in the table below) should be implemented in accordance with Philips authorized steps or countermeasures defined and approved by Philips.
Customers entitled by service-contract to use the Philips InCenter Customer Portal are encouraged to request and attain InCenter access and reference product-specific information posted on Philips InCenter.
Philips highly recommends all customers with and without service contracts contact their local service support team or regional product service support to discuss any needed guidance, services, or questions regarding their specific product installations. Customers who require further general information on Philips Product Security may contact Philips Product Security at firstname.lastname@example.org.