このページは、ZEISS Ophthalmic Diagnostics Instrumentsのオーナー様にお知らせするものです。

Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update

"PrintNightmare"は、Microsoft Windows OSで動作する機器に影響を与えるセキュリティの脆弱性の名称です。Microsoftによると、「Windows Print Spooler Serviceが特定の権限で不適切なファイル操作を実行すると、リモートデコードが実行される脆弱性が存在します。この脆弱性を悪用した攻撃者は、SYSTEM権限で任意のコードを実行する必要があります。攻撃者はプログラムをインストールし、データを表示、変更または削除し、あるいは無制限のユーザー権限で新しいアカウントをする可能性があります。」
"PrintNightmare"はZEISS 製品のセキュリティや機能に影響を及ぼしません。それでもなお、機器のセキュリティアップデート（パッチ）を提供し、"PrintNightmare"のセキュリティの脆弱性を解消します。

ZEISSは、セキュリティの脆弱性がWindows OSを搭載したZEISS製品にどのような影響を及ぼしているかということを確認しました。以下の製品のみをアップデートが必要です。

アップデートのためのそれぞれのインストール方法については下表を参照し、ZEISS機器のセキュリティの脆弱性を解決してください。ZEISS機器のアップデートのサポートが必要な場合には、現地のサポートチームにお問い合わせください。

	Model	OS	Link to Instructions for Updating ZEISS Device	Link to Download (use Internet Explorer or Edge)
ZEISS CIRRUS	ZEISS CIRRUS 500/5000/6000	Windows 10	Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 10 OS	1. KB5001402 2. KB5004948
ZEISS CIRRUS	ZEISS CIRRUS 400/4000/500/5000	Windows 7	Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 7 OS	Follow instructions (see column to the left titled “Link to Instructions for Updating ZEISS Device”)

	Model	OS	Link to Instructions for Updating ZEISS Device	Link to Download (use Internet Explorer or Edge)
ZEISS CIRRUS photo 600/800	ZEISS CIRRUS photo 600/800	Windows 10	Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 10 OS	1. KB5001402 2. KB5004948
ZEISS CIRRUS photo 600/800	ZEISS CIRRUS photo 600/800	Windows 7	Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“)	Follow instructions (see column to the left titled “Link to Instructions for Updating ZEISS Device”)

	Model	OS	Link to Instructions for Updating ZEISS Device	Link to Download (use Internet Explorer or Edge)
ZEISS ATLAS 9000	ZEISS ATLAS 9000	Windows 10	Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 10 OS	1. KB5001402 2. KB5004948
ZEISS ATLAS 9000	ZEISS ATLAS 9000	Windows 7	Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 7 OS	Follow instructions (see column to the left titled “Link to Instructions for Updating ZEISS Device”)

	Model	OS	Link to Instructions for Updating ZEISS Device	Link to Download (use Internet Explorer or Edge)
ZEISS CLARUS 500/700	ZEISS CLARUS 500/700	Windows 10	Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 10 OS	1. KB5001402 2. KB5004948

	Model	OS	Link to Instructions for Updating ZEISS Device	Link to Download (use Internet Explorer or Edge)
ZEISS HFA3	ZEISS HFA3	Windows 10	Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 10 OS Note: the HFA3 is shipped with the instrument running in kiosk mode. To install the patch, disable Kiosk mode (Refer to instructions in the HFA3 IFU to access the Windows desktop), login as the IT Administrator user, run the “Kiosk OFF” shortcut on the desktop, and reboot the instrument.	1. KB5001402 2. KB5004948
ZEISS HFA3	ZEISS HFA3	Windows 7	Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 7 OS Note: the HFA3 is shipped with the instrument running in kiosk mode. To install the patch, disable Kiosk mode (Refer to instructions in the HFA3 IFU to access the Windows desktop), login as the IT Administrator user, run the “Kiosk OFF” shortcut on the desktop, and reboot the instrument.	Follow instructions (see column to the left titled “Link to Instructions for Updating ZEISS Device”)

	Model	OS	Link to Instructions for Updating ZEISS Device	Link to Download (use Internet Explorer or Edge)
ZEISS PLEX Elite 9000	ZEISS PLEX Elite 9000	Windows 10	Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 10 OS	1. KB5001402 2. KB5004948
ZEISS PLEX Elite 9000	ZEISS PLEX Elite 9000	Windows 7	Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 7 OS	Follow instructions (see column to the left titled “Link to Instructions for Updating ZEISS Device”)

	Model	OS	Link to Instructions for Updating ZEISS Device	Link to Download (use Internet Explorer or Edge)
ZEISS PRIMUS 200	ZEISS PRIMUS 200	Windows 10: serial numbers starting with 200-3XXXX and 200-5XXXX	Microsoft Windows Print Spooler Vulnerability CVE-2021-34527 (“PrintNightmare“) Cybersecurity Update For Windows 10 OS	1. KB5001402 2. KB5004948
ZEISS PRIMUS 200	ZEISS PRIMUS 200	Windows 7: serial numbers starting with 200-0XXXX and 200-2XXXX	Please contact your Service Technician	N/A

	Model	OS	Link to Instructions for Updating ZEISS Device	Link to Download (use Internet Explorer or Edge)
ZEISS IOLMaster	ZEISS IOLMaster 500	6. Generation, WinPOS	ZEISS IOLMaster 5.5 / IOLMaster 500 cybersecurity update	Zeiss-IOLMaster500-CVE-2021-34527-Patch.upt
	ZEISS IOLMaster 5.5	6. Generation, WinPOS	ZEISS IOLMaster 5.5 / IOLMaster 500 cybersecurity update	Zeiss-IOLMaster500-CVE-2021-34527-Patch.upt
	ZEISS IOLMaster 700		ZEISS IOLMaster 700 cybersecurity update	IOLMaster-700-Update-Operating-System.upt

	Model	Link to Instructions for Updating ZEISS Device	Link to Download (use Internet Explorer or Edge)
ZEISS SL Imaging Solution	ZEISS SL Imaging Solution	SL Imaging Solution	3 Files to download (unpack from zip): Install_Patch_PrinterNightmare_CVE-2021-34527_ Win-10.cmd LGPO.exe PrintNightmare_1.lgpo.txt

	Model	Link to Instructions for Updating ZEISS Device	Link to Download (use Internet Explorer or Edge)
ZEISS SL Workstation	ZEISS SL Workstation	SL Workstation cybersecurity update	3 Files to download (unpack from zip): Install_Patch_PrinterNightmare_CVE-2021-34527_ Win-7.cmd LGPO.exe PrintNightmare_1.lgpo.txt

	Model	OS	Link to Instructions for Updating ZEISS Device	Link to Download (use Internet Explorer or Edge)
ZEISS VISUCAM	ZEISS VISUCAM 224		VISUCAM cybersecurity update	CVE-2021-34527.zip
	ZEISS VISUCAM 524
	ZEISS Visucam 200	Computer 1969-629
	ZEISS VISUCAM PRO NM 2
	ZEISS VISUCAM NM/FA 2
	ZEISS VISUCAM 500

	Model	Link to Instructions for Updating ZEISS Device	Link to Download (use Internet Explorer or Edge)
ZEISS VISUPAC	ZEISS VISUPAC 500	VISUPAC 500 cybersecurity update	3 Files to download (unpack from zip): Install_Patch_PrinterNightmare_CVE-2021-34527_ Win-7.cmd LGPO.exe PrintNightmare_1.lgpo.txt