Security...

 

Microsoft Security Bulletin Update

February 2005

We have completed testing the Microsoft patches below and found no issues. We recommend that you apply these patches immediately to the RALS equipment.

  1. MS05-004 ASP.NET Path Validation Vulnerability (887219) - Important
  2. MS05-006 Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981) - Moderate
  3. MS05-007 Vulnerability in Windows Could Allow Information Disclosure (888302) - Important
  4. MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) - Important
  5. MS05-009 Vulnerability in PNG Processing Could Lead to Buffer Overrun (890261) - Critical
  6. MS05-010 Vulnerability in the License Logging Service Could Allow Code Execution (885834) - Critical
  7. MS05-011 Vulnerability in Server Message Block Could Allow Remote Code Execution (885250) - Critical
  8. MS05-012 Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) - Critical
  9. MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Code Execution (891781) - Critical
  10. MS05-014 Cumulative Security Update for Internet Explorer (867282) - Critical
  11. MS05-015 Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) - Critical

In response to these security updates released by Microsoft for the Critical updates MAS has conducted compatibility testing of these 11 security patches with multiple versions of RALS systems.

  • RALS-Plus version 1.2.1 SP1- complete

  • RALS-Plus version 1.2 SP1 - complete

  • RALS-Plus version 1.1 SP1 - complete

  • RALS-G version 2.4.5 -- complete

  • RALS-Web version 1.0 -- complete

Medical Automation Systems reviews all Microsoft security patches when they are released. No problems with the RALS systems have been found by our internal testing or reported by customers following the application of these security updates.  The application of these updates to the standard RALS system configuration has been approved.  Microsoft rates some of these as 'critical' but the vulnerabilities may in fact pose no risk to the RALS system if customers adhere to the intended use of RALS.

 

MS Patches NOT Critical to RALS Functionality If MAS determines that the vulnerability as described in a Microsoft bulletin should not adversely affect the RALS functionality when the system is used as intended, the security patch will be tested and included in the next routine product version release.  Should the user apply the patches, MAS cannot guarantee or warrant its operation or impact on the RALS system.  In this situation there will be no routine customer notification. 

 

MS Patches Critical to RALS Functionality If it is determined that the security vulnerability as described in a Microsoft bulletin is critical to the RALS functionality, MAS will notify customers via a broadcast email from SecurityUpdates@rals.com and by notice on the MAS website http://www.rals.com .

RALS-Plus I RALS-Web I RALS-eQuiz I RALS-TGCM I RALS-Report I Device Interfacing
Customer Support I Clinical Questions I MS Vulnerabilities I MS Updates I RRC Password of the Day
RRC Installation I RALS-Dataports I MAS News I About MAS I Case Studies
Contact Us I POC Links I Home I Legal Notice

© 2005 Medical Automation Systems, Inc., Charlottesville, VA USA. All rights reserved.