このページは、ZEISS Ophthalmic Diagnostics Instrumentsのオーナー様にお知らせするものです。

Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update

"PrintNightmare"は、Microsoft Windows OSで動作する機器に影響を与えるセキュリティの脆弱性の名称です。Microsoftによると、「Windows Print Spooler Serviceが特定の権限で不適切なファイル操作を実行すると、リモートデコードが実行される脆弱性が存在します。この脆弱性を悪用した攻撃者は、SYSTEM権限で任意のコードを実行する必要があります。攻撃者はプログラムをインストールし、データを表示、変更または削除し、あるいは無制限のユーザー権限で新しいアカウントをする可能性があります。」
"PrintNightmare"はZEISS 製品 のセキュリティや機能に影響を及ぼしません。それでもなお、機器のセキュリティアップデート(パッチ)を提供し、"PrintNightmare"のセキュリティの脆弱性を解消します。

ZEISSは、セキュリティの脆弱性がWindows OSを搭載したZEISS製品にどのような影響を及ぼしているかということを確認しました。以下の製品のみをアップデートが必要です。

アップデートのためのそれぞれのインストール方法については下表を参照し、ZEISS機器のセキュリティの脆弱性を解決してください。ZEISS機器のアップデートのサポートが必要な場合には、現地のサポートチームにお問い合わせください。

ZEISS CIRRUS

Model OS Link to Instructions for Updating ZEISS Device
Link to Download (use Internet Explorer or Edge)

ZEISS CIRRUS 500/5000/6000

Windows 10

Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 10 OS

1. KB5001402
2. KB5004948

ZEISS CIRRUS 400/4000/500/5000

Windows 7

Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 7 OS

Follow instructions (see column to the left titled “Link to Instructions for Updating ZEISS Device”)

ZEISS CIRRUS photo

Model OS Link to Instructions for Updating ZEISS Device Link to Download (use Internet Explorer or Edge)

ZEISS CIRRUS photo 600/800

Windows 10

Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 10 OS

1. KB5001402
2. KB5004948

ZEISS CIRRUS photo 600/800

Windows 7

Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“)

Follow instructions (see column to the left titled “Link to Instructions for Updating ZEISS Device”)

ZEISS ATLAS

Model OS Link to Instructions for Updating ZEISS Device
Link to Download (use Internet Explorer or Edge)

ZEISS ATLAS 9000

Windows 10

Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 10 OS

1. KB5001402
2. KB5004948

ZEISS ATLAS 9000

Windows 7

Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 7 OS

Follow instructions (see column to the left titled “Link to Instructions for Updating ZEISS Device”)

ZEISS CLARUS 500/700

Model OS Link to Instructions for Updating ZEISS Device Link to Download (use Internet Explorer or Edge)

ZEISS CLARUS 500/700

Windows 10

Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 10 OS

1. KB5001402
2. KB5004948

ZEISS HFA3

Model OS Link to Instructions for Updating ZEISS Device
Link to Download (use Internet Explorer or Edge)

ZEISS HFA3

Windows 10

Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 10 OS

Note: the HFA3 is shipped with the instrument running in kiosk mode. To install the patch, disable Kiosk mode (Refer to instructions in the HFA3 IFU to access the Windows desktop), login as the IT Administrator user, run the “Kiosk OFF” shortcut on the desktop, and reboot the instrument.

1. KB5001402
2. KB5004948

ZEISS HFA3

Windows 7

Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 7 OS

Note: the HFA3 is shipped with the instrument running in kiosk mode. To install the patch, disable Kiosk mode (Refer to instructions in the HFA3 IFU to access the Windows desktop), login as the IT Administrator user, run the “Kiosk OFF” shortcut on the desktop, and reboot the instrument.

Follow instructions (see column to the left titled “Link to Instructions for Updating ZEISS Device”)

 

ZEISS PLEX Elite

Model OS Link to Instructions for Updating ZEISS Device Link to Download (use Internet Explorer or Edge)

ZEISS PLEX Elite 9000

Windows 10

Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 10 OS

1. KB5001402
2. KB5004948

ZEISS PLEX Elite 9000

Windows 7

Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 7 OS

Follow instructions (see column to the left titled “Link to Instructions for Updating ZEISS Device”)

 

ZEISS PRIMUS 200

Model OS Link to Instructions for Updating ZEISS Device Link to Download (use Internet Explorer or Edge)

ZEISS PRIMUS 200

 

Windows 10: serial numbers starting with 200-3XXXX and 200-5XXXX

Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 10 OS

1. KB5001402
2. KB5004948

ZEISS PRIMUS 200

Windows 7: serial numbers starting with 200-0XXXX and 200-2XXXX

Please contact your Service Technician

N/A

 

ZEISS IOLMaster

Model OS Link to Instructions for Updating ZEISS Device Link to Download (use Internet Explorer or Edge)

ZEISS IOLMaster 500

6. Generation, WinPOS

ZEISS IOLMaster 5.5 / IOLMaster 500 cybersecurity update

Zeiss-IOLMaster500-CVE-2021-34527-Patch.upt

ZEISS IOLMaster 5.5

 

ZEISS IOLMaster 700

 

ZEISS IOLMaster 700 cybersecurity update

IOLMaster700UpdateOperatingSystem.upt

 

ZEISS SL Imaging Solution

Model Link to Instructions for Updating ZEISS Device Link to Download (use Internet Explorer or Edge)

ZEISS SL Imaging Solution

SL Imaging Solution

3 Files to download (unpack from zip):

  • Install_Patch_PrinterNightmare_CVE-2021-34527_ Win-10.cmd
  • LGPO.exe
  • PrintNightmare_1.lgpo.txt

ZEISS SL Workstation

Model Link to Instructions for Updating ZEISS Device Link to Download (use Internet Explorer or Edge)

ZEISS SL Workstation

SL Workstation cybersecurity update

3 Files to download (unpack from zip):

  • Install_Patch_PrinterNightmare_CVE-2021-34527_ Win-7.cmd
  • LGPO.exe
  • PrintNightmare_1.lgpo.txt

ZEISS VISUCAM

Model OS Link to Instructions for Updating ZEISS Device Link to Download (use Internet Explorer or Edge)

ZEISS VISUCAM 224

 

VISUCAM cybersecurity update

CVE-2021-34527.zip

ZEISS VISUCAM 524

ZEISS Visucam 200 

Computer 1969-629

ZEISS VISUCAM PRO NM 2 

ZEISS VISUCAM NM/FA 2 

ZEISS VISUCAM 500

ZEISS VISUPAC

Model Link to Instructions for Updating ZEISS Device Link to Download (use Internet Explorer or Edge)

ZEISS VISUPAC 500

VISUPAC 500 cybersecurity update

3 Files to download (unpack from zip)

  • Install_Patch_PrinterNightmare_CVE-2021-34527_ Win-7.cmd
  • LGPO.exe
  • PrintNightmare_1.lgpo.txt