Skip to main content

BlueKeep vulnerability affecting Genetec products

On May 14th, Microsoft released fixes for a critical Remote Code Execution vulnerability in the Remote Desktop Protocol affecting Microsoft Windows versions 7 or older.

Certain Genetec products using a vulnerable version of Windows and for which remote desktop is enabled are affected.

Risk assessment

The BlueKeep vulnerability (CVE-2019-0708) can be spread from and to vulnerable computers without human intervention. Microsoft has released security patches for the deprecated versions of Windows and assigned a CVSS v3.0 base score of 9.8 (Critical) to this vulnerability.

Recommendation

Genetec has issued a software update for its embedded devices affected by this vulnerability and recommend applying it as soon as possible.

Certain Streamvault hardware produced in the past were shipped with a Windows version that is affected by this vulnerability. Genetec recommends keeping all Streamvault products up-to-date by applying the Windows security patches as soon as possible.

Please note that older Sharp OS versions might also be affected if they haven’t been updated. Please make sure to apply the latest patch update. See the table below for more details.

Workarounds

If the security patches can’t be applied in a timely fashion, it is possible to block TCP port 3389 at the enterprise perimeter firewall. Please refer to the Workaround section of the CVE-2019-0708 page on the Microsoft website for more details.

Affected products

Product

 Affected? 

Patch release version

Sharp 2.0, X1, X2, X2M, X4M

Yes

SharpOS 10.2 SR3

Sharp 3.0, XS, XSM, XSU

No1

N/A

SharpV

No

N/A

SMC

No2

N/A

Synergis Cloud Link

No2

N/A

Genetec Clearance

No

N/A

SV-16 v1, v2, v3

Yes

Apply Microsoft patches

SV-32 v1, v2

Yes

Apply Microsoft patches

SVPro v1, v2, v3

Yes

Apply Microsoft patches

All other SV products

No

N/A

1Sharp OS versions 11.4 SR1 and older have the RDP enabled by default and were therefore vulnerable. Please make sure to update to the latest image.

 2 These products are manufactured with the RDP disabled by default. However, if you have contacted the support team by phone, the RDP could have been enabled on those devices. Please follow the instructions to disable the RDP in Security Center Synergis™ mentioned in KBA-78992.

If you would like more information or need assistance with applying the patch, please log in to the Genetec Technical Assistance Portal (GTAP) to open a ticket. To log in to the Genetec Portal, you must be a Security Center user with the appropriate credentials.  If you do not have access credentials, please contact channelsales@genetec.com.