Microsoft: Medical-Device Vulnerabilities Don't Affect ThreadX
October 01 2019 - 4:38PM
Dow Jones News
By Maria Armental
Microsoft Corp. (MSFT) said Tuesday that an expanded warning of
potential cybersecurity vulnerabilities for connected medical
devices and health-care networks wouldn't affect ThreadX, the
real-time operating system it added as part of its Express Logic
acquisition.
The Food and Drug Administration and the Department of Homeland
Security said the cybersecurity vulnerabilities, first identified
in Wind River System Inc.'s flagship embedded operating system
VxWorks, could allow someone to gain control of the device,
preventing it from working properly or working at all.
DHS noted in its advisory that Microsoft cautioned that some
hardware makers could have used ThreadX and a third-party
software.
However, a Microsoft spokesperson said in an emailed statement
that "we've investigated these reports and confirmed that these
vulnerabilities do not impact any ThreadX release."
ThreadX customers using IPNet, the third-party software
component in question that supports network communications between
computers, should contact Wind River for the appropriate patches,
the Microsoft spokesperson said.
In July, following the DHS's first advisory on the Urgent/11
vulnerabilities, Wind River noted that it obtained the IPnet stack
through the Interpeak acquisition in 2006. Before then, it said,
the stack was broadly licensed to and used by a number of real-time
operating system vendors.
The FDA said it had received no adverse-event reports related to
the vulnerabilities.
Write to Maria Armental at maria.armental@wsj.com
(END) Dow Jones Newswires
October 01, 2019 16:23 ET (20:23 GMT)
Copyright (c) 2019 Dow Jones & Company, Inc.
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Mar 2024 to Apr 2024
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Apr 2023 to Apr 2024