Threat Intelligence: BD Releases Advisory on Microsoft’s Zerologon Vulnerability

CVE-2020-1472 | Microsoft Netlogon Elevation of Privilege Vulnerability
Cynerio
News
Nov 8, 2020

Advisory Information

BD posted an advisory on November 6, 2020 regarding the Microsoft Netlogon elevation of privilege vulnerability (CVE-2020-1472), more widely known as Zerologon. 

How Does This Vulnerability Impact BD Healthcare Products?

This is a third-party vulnerability that affects the Netlogon Remote Protocol (MS-NRPC), which allows unauthorized users access to a domain controller via the Netlogon secure channel. Once access has been gained, threat actors can run malicious applications on devices throughout the network, potentially compromising device functionality and network communications. However, in order to connect to the domain controller, the bad actor would have to use MS-NRPC to gain domain administrator access.

Devices Affected

  • BD Infusion Knowledge Portal™
  • BD Intelliport™
  • BD Kiestra™ InoqulA Standalone
  • BD Kiestra™ ReadA Standalone
  • BD Kiestra™ TLA/WCA
  • BD Supply Knowledge Portal™
  • BD HealthSight™ Clinical Advisor
  • BD HealthSight™ Data Manager
  • BD HealthSight™ Diversion Management
  • BD HealthSight™ Infection Advisor
  • BD HealthSight™ Inventory Optimization
  • BD Medication Knowledge Portal™

Note: This vulnerability is not limited to BD devices.

What Can Be Done to Mitigate the Threat & How Can Cynerio Help?

Microsoft is actively working on rolling out patches for this vulnerability in two phases. Until a full solution is available, Cynerio can:

  1. Conduct Deep Packet Inspection (DPI) and discover every device on the network and identify those at risk
  2. Map critical devices affected by this vulnerability
  3. Identify attempted exploits of this vulnerability within your network and send real-time alerts
  4. Automatically configure mitigation policies and ACLs tailored to the network that can be applied using existing security infrastructure to limit the exposure of vulnerable and infected devices

Some Other Helpful Resources

  • https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-vulnerability-netlogon-elevation-of-privilege-vulnerability-zerologon
  • https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472


Keep your finger on the pulse of Healthcare IoT security