Third-Party Software Component End of Support: Microsoft XML Core Services 4.0

United States
North America

Canada (FR)

Canada (EN)

Mexico

United States

South America

Argentina

Brasil

Chile

Colombia
Europe

Belgium (FR)

Belgium (NL)

Česká republika

Denmark

Europe

Suomi

France

Deutschland

Hebrew

Hungary (EN)

Hungary (HU)

Ireland

Italia

Nederland

Norge

Polska

Россия

España

Sverige

Schweiz

Türkiye

United Kingdom
Middle East / Africa

Middle East, North Africa

Africa

Asia / Pacific

Australia / New Zealand

中国

Greater Asia

India

Indonesia

日本

Korea

Malaysia

Philippines

Singapore

Thailand

Vietnam
Login

Bulletin and Patches

Nov 15, 2022

Bulletins

HIGH

This notification is voluntary reported by BD to Information Sharing and Analysis Organizations (ISAOs).

BD communicates with our customers about cybersecurity vulnerabilities to enable healthcare providers to manage potential risks through awareness and guidance.

BD is aware that Microsoft XML Core Services version 4.0 is no longer supported by Microsoft. Microsoft announced the end of support for Microsoft XML Core Services version 4.0, effective April 12, 2014. As a result, Microsoft no longer provides security updates for this software. This third-party software component is not specific to BD or our products. BD is providing this update to let customers know which BD products could be affected.

Please note: This third-party component is not used in BD Alaris™ products sold in the U.S.

The list below identifies impacted BD products:

BD Alaris™ CQI Event Reporter and Tools, versions 4.4.0 and earlier
BD Alaris™ Communication Engine, versions 2.0.1 and earlier
BD Alaris™ PK Editor version 1.3

These offerings provide operational log reporting and do not directly affect the functioning of individual BD Alaris™ infusion pumps or BD Alaris™ Systems Managers.

As noted above, this third-party component is not used in BD Alaris™ products sold in the U.S. This list does not indicate the patch or device status. It may be updated if more products are identified. Please check back periodically for updates.

BD is currently planning to update the in-scope BD products that utilize this third-party component. BD does not have a confirmed schedule at this time. Please refer to the Bulletins and Patches page for all approved product security patching notifications.

Additionally, BD recommends the following compensating controls for customers using BD products that utilize the affected software:

Ensure physical access controls are in place and only authorized end-users have access to the in-scope BD products.
Maintain proper network segmentation and protection: Place clients and servers which host the affected products behind a correctly configured firewall and have proper network segmentation in place.
Ensure that the hosting clients and servers are up-to-date and have proper patch management controls in place where applicable.
Have proper user rights management controls in place.
Avoid using dedicated devices (such as these) for general-purpose tasks including accessing email or Internet browsing.

For product- or site-specific concerns, contact your BD service representative.

Microsoft has announced the end of support for XML Core Services version 4.0.