BadAlloc Flaws Could Threaten IoT and OT Devices: Microsoft

  /     /     /  
Publicated : 23/11/2024   Category : security

BadAlloc Flaws Could Threaten IoT and OT Devices: Microsoft


More than 25 critical memory allocation bugs could enable attackers to bypass security controls in industrial, medical, and enterprise devices.


Microsoft today disclosed more than 25 critical memory allocation vulnerabilities in Internet of Things (IoT) and operational technology (OT) devices that could enable an attacker to bypass security controls and execute malicious code or cause a system to crash in industrial, medical, and enterprise networks.
These remote code execution (RCE) flaws are collectively dubbed BadAlloc and they exist in standard memory allocation functions spanning broadly used real-time operating systems, embedded software development kits, and C standard library implementations. Microsoft has not seen any evidence of the CVEs being exploited but urges organizations to patch quickly.
All of these vulnerabilities stem from the use of vulnerable memory functions including malloc, calloc, realloc, memalign, valloc, pvalloc, and more, the Microsoft Security and Response Center writes in a blog post. Research indicates memory allocation implementations written over the years for IoT devices and embedded software have not included the proper input validations; without these, an attacker can exploit memory allocation to execute code on a target device.
Microsoft has shared its findings with affected vendors and the Department of Homeland Security. The Cybersecurity and Infrastructure Security Agency has 
published an advisory
 with a full list of affected products, vulnerability descriptions, and links to patches and mitigations.
Read Microsofts 
full blog post
 for more details.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
BadAlloc Flaws Could Threaten IoT and OT Devices: Microsoft