Security News > 2021 > April > BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices
Security researchers at Microsoft are raising the alarm for multiple gaping security holes in a wide range of enterprise internet-connected devices, warning that the high-risk bugs expose businesses to remote code execution attacks.
According to an advisory from Redmond's Azure Defender for IoT security research group, there are at least 25 documented vulnerabilities affecting a wide range of IoT and operational technology devices the industrial, medical, and enterprise networks.
Could exploit to bypass security controls in order to execute malicious code or cause a system crash, Microsoft warned.
A separate advisory from the U.S. Cybersecurity and Infrastructure Security Agency provides a list of affected devices and information on applying available security patches.
Learn more about vulnerabilities in industrial systems at SecurityWeek's ICS Cyber Security Conference and SecurityWeek's Security Summits virtual event series.
Ryan has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series.
News URL
Related news
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)
- Microsoft: Windows 'inetpub' folder created by security fix, don’t delete (source)
- Widespread Microsoft Entra lockouts tied to new security feature rollout (source)