This page is to inform owners of ZEISS Ophthalmic Diagnostics Instruments about:

Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907 Cybersecurity Update

The Microsoft Windows HTTP Protocol Stack Remote Code Execution vulnerability can potentially affect the Microsoft Windows 10 operating system (OS) by requiring no authentication before processing incoming HTTP requests in various system services and subsystems. A remote code-execution issue in the HTTP protocol stack stands out for researchers, given that it is wormable. It can self-propagate specially crafted packets through a network using the HTTP protocol stack (http.sys) to process packets.

The vulnerability does not affect safety and performance on any of the ZEISS devices. However, ZEISS recommends updating devices with the Microsoft patch and/or registry settings, as applicable, to ensure continued cybersecurity.

ZEISS has assessed the impact of the vulnerability and recommends installing the updates listed for each device as indicated below.

Refer to the table for the respective update instructions to close this vulnerability for your corresponding ZEISS device. Please contact your local service team if you need support updating your device.

Begin the process by first installing the following patch:

Device

Link to Instructions for Updating ZEISS Device

Link to Download Patch

All

Link to instruction manual

KB5005698

Upon completion of the KB5005698 patch, please continue the update for your device: