Security News > 2021 > April > BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices

Security researchers at Microsoft are raising the alarm for multiple gaping security holes in a wide range of enterprise internet-connected devices, warning that the high-risk bugs expose businesses to remote code execution attacks.
According to an advisory from Redmond's Azure Defender for IoT security research group, there are at least 25 documented vulnerabilities affecting a wide range of IoT and operational technology devices in industrial, medical, and enterprise networks.
Attackers could exploit the vulnerabilities to bypass security controls in order to execute malicious code or cause a system crash, Microsoft warned.
A separate advisory from the U.S. Cybersecurity and Infrastructure Security Agency provides a list of affected devices and information on applying available security patches.
Ryan has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series.