BadAlloc Flaws Could Threaten IoT and OT Devices: Microsoft

Published: 23/11/2024   Category: security




More than 25 critical memory allocation bugs could enable attackers to bypass security controls in industrial, medical, and enterprise devices.



Microsoft today disclosed more than 25 critical memory allocation vulnerabilities in Internet of Things (IoT) and operational technology (OT) devices that could enable an attacker to bypass security controls and execute malicious code or cause a system to crash in industrial, medical, and enterprise networks.
These remote code execution (RCE) flaws are collectively dubbed BadAlloc, and they exist in standard memory allocation functions spanning widely used real-time operating systems, embedded software development kits, and C standard library implementations. Microsoft has not seen any evidence of the CVEs being exploited but urges organizations to patch quickly.
All of these vulnerabilities stem from the use of vulnerable memory functions including malloc, calloc, realloc, memalign, valloc, pvalloc, and more, the Microsoft Security and Response Center writes in a blog post. Research indicates memory allocation implementations written over the years for IoT devices and embedded software have not included the proper input validations; without these, an attacker can exploit memory allocation to execute code on a target device.
Microsoft has shared its findings with affected vendors and the Department of Homeland Security. The Cybersecurity and Infrastructure Security Agency has published an advisory with a full list of affected products, vulnerability descriptions, and links to patches and mitigations.
Read Microsoft's full blog post for more details.
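The missing input validation in allocation functions mentioned above, sketched as an added example (not code from Microsoft, CISA, or any affected product). It assumes the unvalidated input is the requested size, whose arithmetic can wrap around (integer overflow), a detail the article does not spell out; the arena and the names `naive_request`, `checked_request`, and `safe_calloc` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ARENA_SIZE 4096u            /* constructed heap size for this example */
#define HDR_SIZE   sizeof(size_t)   /* per-block header; also the block alignment */

static size_t arena_words[ARENA_SIZE / sizeof(size_t)];  /* size_t-aligned storage */
static size_t arena_used;

/* Unvalidated size arithmetic: the multiply, header add and round-up can all wrap. */
size_t naive_request(size_t nmemb, size_t size) {
    return (nmemb * size + HDR_SIZE + (HDR_SIZE - 1)) & ~(HDR_SIZE - 1);
}

/* Validated arithmetic: 0 on success, -1 if any step would exceed SIZE_MAX. */
int checked_request(size_t nmemb, size_t size, size_t *out) {
    if (size != 0 && nmemb > SIZE_MAX / size)
        return -1;                                   /* multiply would wrap */
    size_t payload = nmemb * size;
    if (payload > SIZE_MAX - HDR_SIZE - (HDR_SIZE - 1))
        return -1;                                   /* header + round-up would wrap */
    *out = (payload + HDR_SIZE + (HDR_SIZE - 1)) & ~(HDR_SIZE - 1);
    return 0;
}

/* calloc-style bump allocator that rejects wrapped or oversized requests. */
void *safe_calloc(size_t nmemb, size_t size) {
    size_t total;
    if (checked_request(nmemb, size, &total) != 0)
        return NULL;
    if (total > ARENA_SIZE - arena_used)
        return NULL;                                 /* arena exhausted */
    unsigned char *blk = (unsigned char *)arena_words + arena_used;
    memcpy(blk, &total, sizeof total);               /* record block size in header */
    memset(blk + HDR_SIZE, 0, total - HDR_SIZE);     /* calloc semantics: zero payload */
    arena_used += total;
    return blk + HDR_SIZE;
}
```

With the unvalidated arithmetic, a request for `SIZE_MAX / 2 + 1` elements of 2 bytes collapses to a header-sized block, so the caller believes it owns far more memory than was reserved; the checked path returns `NULL` instead.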
