By Maria Armental

Microsoft Corp. (MSFT) said Tuesday that an expanded warning of potential cybersecurity vulnerabilities for connected medical devices and health-care networks wouldn't affect ThreadX, the real-time operating system it added as part of its Express Logic acquisition.

The Food and Drug Administration and the Department of Homeland Security said the cybersecurity vulnerabilities, first identified in Wind River System Inc.'s flagship embedded operating system VxWorks, could allow someone to gain control of the device, preventing it from working properly or working at all.

DHS noted in its advisory that Microsoft cautioned that some hardware makers could have used ThreadX and a third-party software.

However, a Microsoft spokesperson said in an emailed statement that "we've investigated these reports and confirmed that these vulnerabilities do not impact any ThreadX release."

ThreadX customers using IPNet, the third-party software component in question that supports network communications between computers, should contact Wind River for the appropriate patches, the Microsoft spokesperson said.

In July, following the DHS's first advisory on the Urgent/11 vulnerabilities, Wind River noted that it obtained the IPnet stack through the Interpeak acquisition in 2006. Before then, it said, the stack was broadly licensed to and used by a number of real-time operating system vendors.

The FDA said it had received no adverse-event reports related to the vulnerabilities.

Write to Maria Armental at maria.armental@wsj.com

(END) Dow Jones Newswires

October 01, 2019 16:23 ET (20:23 GMT)

Copyright (c) 2019 Dow Jones & Company, Inc.
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Mar 2024 to Apr 2024 Click Here for more Microsoft Charts.
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Apr 2023 to Apr 2024 Click Here for more Microsoft Charts.