Windows Print Spooler Vulnerability (CVE-2021-34527)
Canon Medical Systems Security Advisory
It was announced that there is security vulnerability that affects Windows Print Spooler. A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges.
REF: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Overview:
Microsoft Windows systems are affected if the print spooler service is enabled and inbound remote printing is enabled. In addition, an attack must involve an authenticated user calling RpcAddPrinterDriverEx(). The threat vector is SMB. At this time, the attacker will need the username / password of an existing user on the attacked system. Then attacker would execute the DLL remotely.
These Vulnerabilities are currently awaiting updated analysis and represents our best knowledge as of the most recent revision. As a result, the content is subject to change as further analysis is performed and the results are updated.
Canon Medical Systems Corporation continues to investigate the applicability of this vulnerability to Medical Imaging Devices manufactured by Canon Medical Systems Corporation.
REFERENCE:
MITRE CVE-2021-34527
This vulnerability is applicable to Microsoft Windows systems.
Possible Affected Canon Medical Systems Products:
| A) | Windows 10 based systems | |
| The security measures have been taken for these Products with a security manual. By properly setting the built-in Host Firewall according to the security manual, it will not be affected by the vulnerability. This is accomplished by blocking Port 445/135/139 for inbound access. | ||
| B) | Other Windows based systems (Windows 7 etc.) | |
| These Products do not have a security manual. | ||
| B-1) | Products with a built-in Host Firewall set (CT security option installed, MRI device, UL device, VL devices) | |
| Not affected by the vulnerability. | ||
| B-2) | Other Products | |
| It is affected by the vulnerability. | ||
Resolution:
The mitigation measures include the following.
- Block RPC and SMB ports at the Firewall appliance on the facilities network
Limited testing has shown that blocking both the RPC Endpoint Mapper (135/tcp) and SMB (139/tcp and 445/tcp) at the Firewall level can prevent remote exploitation of this vulnerability.
Notes:
- The possibility that the vulnerability of the affected systems will lead to actual harm is considered to be mitigated.
1) In order to exploit this vulnerability, it is necessary to know the username and password of these devices.
2) Even if the attacker gets the username and password information, an application whitelisting has the ability to block the execution of unauthorized DLL files. Whitelisting is installed by default for all Win7 and Win10 Canon Imaging devices. - The Print Spooler service cannot be disabled because some functions will not work.
Canon Medical Systems Corporation will provide the update information for Microsoft vulnerabilities. The current schedule is as follows. The schedule will be updated.
| UL | AI V4.0 | 2021/8/31 |
| CUS-VSV7 V4.0 | 2021/8/31 | |
| MRI | V6.0SP1010 | 2021/9/15 |
| CT | V10.4 | 2021/10/15 |
Due to medical device regulatory reasons, not all products/service displayed on this Canon Medical Systems global webpage are available in all countries, regions or markets. Future availability of the products/service cannot also be guaranteed. Please contact your local Canon Medical Systems representative for further details.
