Windows DCOM Server Vulnerability (CVE-2021-26414)

Canon Medical Systems Security Advisory

Overview:
CVE-2021-26414 is a security vulnerability, reported in June 2021, that affects Windows DCOM Server. Windows DCOM Server is the component that communicates using DCOM, a technology for communication between software components on networked computers. This vulnerability allows a Windows security feature to be bypassed.
Windows security updates for this vulnerability were released in phases. The security updates for Windows DCOM were released in June 2021. The security updates for all DCOM, including non-Windows DCOM, were released in March 2023. If a non-Windows DCOM implementation does not support the March 2023 security updates, DCOM communication may fail after the security updates are applied.
REF: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26414

Vulnerability Overview:
Exploiting this vulnerability requires that a user with an affected version of Windows access a malicious server. Because an attacker has no way to force users to visit a specially crafted server share or website, the attacker would have to host a specially crafted server and build a share or website that is likely to attract users. The attacker would then have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.

Possible Affected Canon Medical Systems Products:
- Impact of the vulnerability:
Since Canon Medical Imaging Products do not allow operators to use functions such as email or chat messaging, the potential risk is considered low.
- Impact of Windows security updates:
We have not confirmed any effect on our products at this time.

Canon Medical Systems Corporation is currently investigating whether there is any impact. This security advisory will be updated as the investigation continues.

Resolution:
- None
