Security News > 2021 > April > BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices
Security researchers at Microsoft are raising the alarm for multiple gaping security holes in a wide range of enterprise internet-connected devices, warning that the high-risk bugs expose businesses to remote code execution attacks.
According to an advisory from Redmond's Azure Defender for IoT security research group, there are at least 25 documented vulnerabilities affecting a wide range of IoT and operational technology devices the industrial, medical, and enterprise networks.
Could exploit to bypass security controls in order to execute malicious code or cause a system crash, Microsoft warned.
A separate advisory from the U.S. Cybersecurity and Infrastructure Security Agency provides a list of affected devices and information on applying available security patches.
Learn more about vulnerabilities in industrial systems at SecurityWeek's ICS Cyber Security Conference and SecurityWeek's Security Summits virtual event series.
Ryan has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series.
News URL
Related news
- Microsoft overhauls security for publishing Edge extensions (source)
- Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Microsoft warns it lost some customer's security logs for a month (source)
- Microsoft lost some customers’ cloud security logs (source)
- Microsoft Entra "security defaults" to make MFA setup mandatory (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Microsoft Ignite 2024 Unveils Groundbreaking AI, Security, and Teams Innovations (source)
- Microsoft plans to boot security vendors out of the Windows kernel (source)