April 30, 2021 By Pierluigi Paganini
Microsoft researchers are warning of major security vulnerabilities affecting OT and IoT devices and high-risks for businesses using them.
Researchers from Microsoft’s Section 52 team recently uncovered several critical memory allocation flaws, collectively tracked as BadAlloc, affecting IoT and OT devices. The vulnerabilities could be exploited by attackers to bypass security controls to execute malicious code or trigger DoS conditions.
Experts found more than 25 RCE vulnerabilities that potentially affect a wide range of domains, from consumer and medical IoT to Industrial IoT, Operational Technology (OT), and industrial control systems.
The full list of vulnerabilities is available in an advisory (ICSA-21-119-04) published by the US DHS.