If your organization uses IoT devices — from printers and VOIP phones to medical equipment and industrial controls — you could be vulnerable to one of the most significant security threats in recent memory: Urgent/11.
These zero-day vulnerabilities impact an estimated 2 billion connected devices worldwide and allow remote attackers to gain full control over systems without authentication. If left unpatched, Urgent/11 could be a direct gateway into your organization’s network.
What Is Urgent/11?
Urgent/11 is a group of 11 vulnerabilities (six of them critical) found in the VxWorks real-time operating system (RTOS) developed by Wind River. VxWorks is widely used in embedded and IoT devices across industries — including healthcare, manufacturing, finance, and critical infrastructure.
Most affected devices run VxWorks version 6.5 or higher with the IPnet TCP/IP stack, though versions such as VxWorks Cert Edition and VxWorks 653 are not impacted.
Devices That May Be Vulnerable:
-
VOIP phones
-
Medical devices
-
Printers and routers
-
Industrial control systems
-
Firewalls and network equipment
-
Elevators and building systems
These vulnerabilities can be exploited regardless of whether the device is inside the corporate firewall or at the network edge.
Why Urgent/11 Is So Dangerous
What makes Urgent/11 particularly concerning is the sheer scale and silent nature of the threat:
-
No user interaction is required for attackers to gain access
-
Affected devices are deeply embedded in operations
-
Many vulnerable devices are legacy systems that may not be routinely patched
-
Remote exploitability allows attackers to bypass traditional network defenses
Ben Seri, VP of Research at cybersecurity firm Armis, noted:
“VxWorks is the most widely used operating system you may never have heard of.”
Despite its 30+ year history of stability, this is a wake-up call for organizations to assess their IoT footprint and take immediate action.
Steps to Protect Against Urgent/11
✅ 1. Identify Vulnerable Devices
Audit your network for any devices running VxWorks. Focus on older hardware, embedded systems, and critical infrastructure components.
✅ 2. Apply the Latest Wind River Patch
Wind River released a critical patch on July 19 that addresses all Urgent/11 vulnerabilities. Apply this patch as soon as possible across all affected systems.
✅ 3. Use Firewall Rules and Network Segmentation
If patching is delayed or not possible, deploy temporary firewall rules to limit access to vulnerable devices and reduce risk exposure.
✅ 4. Monitor Network Traffic for Suspicious Activity
Use an intrusion detection system (IDS) or managed detection and response (MDR) service to flag unusual communications or behavior tied to embedded devices.
Why It Matters for Your Business
Although there are currently no known active exploits of the Urgent/11 vulnerabilities, experts warn that the risk is comparable to the infamous EternalBlue vulnerability used in the WannaCry ransomware attacks. In both cases, failure to patch legacy systems led to massive global disruptions.
Don’t let your organization become the next cautionary tale.
Stay Ahead of Zero-Day Vulnerabilities with Vision Computer Solutions
At Vision Computer Solutions, we help businesses proactively protect against critical threats like Urgent/11 by:
-
Performing full security assessments
-
Identifying and inventorying at-risk devices
-
Applying critical patches and mitigation strategies
-
Monitoring for emerging zero-day vulnerabilities
With over 25 years of experience, we help small to mid-sized businesses in Michigan and beyond stay secure, compliant, and operational.
Take Action Now
Contact us today for a free consultation or to schedule a vulnerability scan across your IoT environment.
📞 Call us at (248) 349-6115
Don’t wait for an attack to take action — Urgent/11 is real, and the time to patch is now.
