BD—Various Systems: May Be Vulnerable to Microsoft Windows Adobe Type Manager Library Vulnerability
May 27, 2020 | Strategic Insights for Health System
In a May 18, 2020, Product Security Bulletin, BD states that it is aware of and currently monitoring two third-party vulnerabilities that affect the Windows Adobe Type Manager Library. These third-party vulnerabilities, which Microsoft corrected with its latest patch release, are not specific to BD or its products. The vulnerabilities exist when the Library improperly handles a specially crafted multi-master font in the Adobe Type 1 PostScript format. Both vulnerabilities affect the above Windows operating systems and can be exploited in multiple ways. For instance, an unauthorized user could convince a user to open a malicious document in the Windows Preview Pane. While these vulnerabilities could allow an unauthenticated user to remotely execute custom code on the targeted system, Microsoft reported that the possibility of this occurring is negligible and that elevation of privilege is not possible. BD states that Microsoft's security patch remediates these vulnerabilities by correcting the way the Windows Adobe Type Manager Library handles Type 1 fonts. BD has not confirmed the...