Avigilon is currently monitoring and has reviewed the impact of the recently announced BlueKeep RDP Vulnerability, CVE-2019-0708. The vulnerability affects Windows 7, Windows XP, Windows Server 2008 R2 and Windows Server 2008. Warnings have been issued by Microsoft and the United States National Security Agency but the vulnerability has yet to be reported as being exploited in the wild.
Avigilon engineering has assessed this vulnerability and determined that in their factory default configurations, none of the servers, workstations or appliances sold by Avigilon should be affected; the security risk to customers is low.
As a best practice, Avigilon recommends that all customers running Avigilon Control Center (ACC) software on Windows ensure their system is protected by running Windows Update and confirming that the latest security updates are installed. Specifically, anyone running Windows 7, Windows Server 2008 or Windows Server 2008 R1 should consult Microsoft's security guidance on CVE-2019-0708 for those operating systems. Microsoft has also issued guidance for anyone using an operating system that is no longer fully supported (such as Windows XP or Windows Server 2003).
Please note, the above analysis and recommendations contained in this letter are intended as suggested guidelines and for informational purposes only. Avigilon does not guarantee that any of its products are immune from a potential cyber-attack and adhering to any of the advice contained in this letter may still result in a virus infecting your Avigilon product. In general, Avigilon recommends keeping all software and firmware up to date as best practice from an information security perspective.