Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350)
Canon Medical Systems Security Advisory
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.
To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.
The update addresses the vulnerability by modifying how Windows DNS servers handle requests.
REF: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
Overview:
Note: This Vulnerability is currently awaiting updated analysis and represents our best knowledge as of the most recent revision. As a result, the content is subject to change as further analysis is performed and the results are updated.
Canon Medical Systems Corporation continues to investigate the applicability of this vulnerability to Medical Imaging Devices manufactured by Canon Medical Systems Corporation.
REFERENCE:
MITRE CVE-2020-1350
This vulnerability is only applicable to Microsoft Windows Server systems that are configured as DNS server. Canon Medical Systems Corporation does not manufacture any imaging products operating on Windows Server configured as DNS server.
Possible Affected Canon Medical Systems Products:
Affected Canon Medical Systems Products
・ None
Canon Medical Products under investigation
・ None
Resolution:
・ None
Due to medical device regulatory reasons, not all products/service displayed on this Canon Medical Systems global webpage are available in all countries, regions or markets. Future availability of the products/service cannot also be guaranteed. Please contact your local Canon Medical Systems representative for further details.
