=============================================================================
Run Date: JUL 08, 2011                      Designation: VBEC*1*30
Package : VBEC - VBECS                      Priority: Mandatory
Version : 1         SEQ #30                 Status: Released
                    Compliance Date: JUL 15, 2011
=============================================================================

Subject: MICROSOFT SQL SERVER SECURITY UPDATE FOR VBECS

Category:
  - Informational

Description:
============

This patch serves to alert VA facilities using the Vista Blood Establishment
Computer Software (VBECS) that a Microsoft SQL Server Security Update is
available for immediate installation.

If the VBECS servers are supported by a second group, i.e. a Regional Data
Center, it is the responsibility of the local IRM support person for VBECS
to ensure that all parties who need to see this Update Information for
'their' VBECS system see it. The local support should follow local policies
to forward such information to their Server Administrators.

Sites who have not installed VBECS have no action to take with this
informational patch.

This patch is released with a seven (7) day compliance because the updates
address security vulnerabilities in Microsoft SQL Server. Failure to comply
with the installation of SQL Server Updates could expose the VBECS servers
and databases to security threats.

BLOOD BANK CLEARANCE
=====================

EFFECT ON BLOOD BANK FUNCTIONAL REQUIREMENTS: Patch VBEC*1.0*30 contains
changes to a package referenced in VHA OI SEPG SOP 192-023 Review of VISTA
Patches for Effects on VISTA Blood Bank Software. This patch does not alter
or modify any VistA Blood Bank software design safeguards or safety critical
elements functions.

RISK ANALYSIS: Changes made by patch VBEC*1.0*30 have no effect on Blood
Bank software functionality, therefore RISK is none.

SQL Server Updates
================

If your servers are maintained at a data center, ignore this section since
data center personnel will install updates.

This Microsoft SQL Server Update patch must be installed on the VBECS
servers:

  KB960082

The VBECS development team must test every Microsoft SQL Server update. Once
the development team is satisfied that the update causes no adverse effects,
Clinical Product Support (CPS) will give the sites permission to apply the
update by releasing this informational patch.

Updates are approved with Windows Server Update Service. Approved updates
will be downloaded to your servers automatically. However, a server
administrator must install the updates locally.

SQL Server Update instructions:
============================

1) Open an FTP connection to this address from any workstation*:

     IP: 10.3.21.76

   No password is required for access.

   *If you are blocked from accessing the FTP because it is not listed as a
   trusted site, perform these steps to gain access:

   a. Open Internet Explorer and select TOOLS, INTERNET OPTIONS.
   b. Select the SECURITY tab.
   c. Select TRUSTED SITES.
   d. Click SITES.
   e. Make sure REQUIRE SERVER VERIFICATION is unchecked. Enter
      ftp://10.3.21.76 and click the ADD button.
   f. Close all windows.
   g. Repeat step 1 to access the FTP site.

2) Open the VBECS Technical Bulletins folder and download VBECS Technical
   Bulletin BB11-02.

3) Review the instructions in VBECS Technical Bulletin BB11-02 titled
   Applying SQL Server Service Pack 4 Security Update (KB960082) to the
   VBECS Database.

4) This update will require approximately thirty (30) minutes of VBECS
   system downtime. Please coordinate a time with the Blood Bank manager to
   apply this update. All Blood Bank users must be logged off the VBECS
   server before the update can begin.

5) At the agreed-upon downtime, begin the update by performing the
   Prerequisites section of the VBECS Technical Bulletin BB11-02.

6) After the Microsoft SQL Server Update process is complete and there are
   no outstanding issues, notify the Blood Bank Manager that the VBECS
   system is once again available for use.

If any issues are encountered, contact the VA Service Desk (VASD) or file a
Remedy ticket.

========================================================================
NOTE: Do not change the system! The U.S. Food and Drug Administration
classifies this software as a medical device. Unauthorized modifications
will render this device an adulterated medical device under Section 501 of
the Medical Device Amendments to the Federal Food, Drug, and Cosmetic Act.
Acquiring and implementing this software through the Freedom of Information
Act require the implementer to assume total responsibility for the software
and become a registered manufacturer of a medical device, subject to FDA
regulations. Adding to or updating VBECS software without permission is
prohibited.

Routine Information:
====================
No routines included.

=============================================================================
User Information:
Entered By  : KANIA,KEVIN                   Date Entered  : JUN 10, 2011
Completed By: MORTON,RANDY                  Date Completed: JUL 08, 2011
Released By : MURCH,CLAUDETTE               Date Released : JUL 08, 2011
=============================================================================

Packman Mail Message:
=====================

No routines included