Microsoft finds critical code execution bugs in IoT, OT devices
Microsoft security researchers have discovered over two dozen critical remote code execution vulnerabilities in Internet of Things devices and Operational Technology industrial systems.
Threat actors can exploit them to trigger system crashes and execute malicious code remotely on vulnerable IoT and OT systems.
"Our research shows that memory allocation implementations written throughout the years as part of IoT devices and embedded software have not incorporated proper input validations," the Microsoft Security Response Center team said.
"Without these input validations, an attacker could exploit the memory allocation function to perform a heap overflow, resulting in execution of malicious code on a target device."
Vulnerable IoT and OT devices impacted by the BadAlloc vulnerabilities can be found on consumer, medical, and industrial networks.
As a mitigation, minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
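The missing input validation described in the quote above, shown as an added example that is not code from Microsoft or from any affected product: a small arena allocator whose size arithmetic wraps, next to a version that validates the request first. The allocator, its names and its constants are hypothetical, and the example assumes the unvalidated input is the requested size.

```c
/* Illustrative bump allocator; every name and constant here is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ARENA_SIZE 4096u
#define HDR_SIZE   sizeof(size_t)              /* per-block length header */
#define ALIGN      sizeof(size_t)              /* block granularity */

static _Alignas(max_align_t) unsigned char arena[ARENA_SIZE];
static size_t arena_used;                      /* bump offset, always <= ARENA_SIZE */

void arena_reset(void) { arena_used = 0; }

static void *carve(size_t size, size_t total)
{
    unsigned char *blk = arena + arena_used;
    memcpy(blk, &size, HDR_SIZE);              /* record the requested length */
    arena_used += total;
    return blk + HDR_SIZE;
}

/* No input validation: the addition wraps for sizes near SIZE_MAX, the
 * capacity check then passes, and the caller receives a block far
 * smaller than the size it believes it owns. */
void *alloc_unchecked(size_t size)
{
    size_t total = (size + HDR_SIZE + ALIGN - 1) & ~(ALIGN - 1);
    if (total > ARENA_SIZE - arena_used)
        return NULL;
    return carve(size, total);
}

/* Validate the request before any arithmetic is done on it. */
void *alloc_checked(size_t size)
{
    if (size > SIZE_MAX - HDR_SIZE - (ALIGN - 1))
        return NULL;                           /* size + overhead would wrap */
    size_t total = (size + HDR_SIZE + ALIGN - 1) & ~(ALIGN - 1);
    if (total > ARENA_SIZE - arena_used)
        return NULL;
    return carve(size, total);
}

/* calloc-style entry point: the count multiplication needs its own check. */
void *calloc_checked(size_t nmemb, size_t size)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return NULL;                           /* nmemb * size would wrap */
    void *p = alloc_checked(nmemb * size);
    return p ? memset(p, 0, nmemb * size) : NULL;
}
```

A request of `SIZE_MAX` succeeds in `alloc_unchecked` and fails in `alloc_checked`, which is the property to test for when auditing an allocator or its wrappers.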