
Microsoft Finds 'BadAlloc' Flaws Affecting Wide-Range of IoT and OT Devices
2021-04-30 02:49

Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things and Operational Technology devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash.

"These remote code execution vulnerabilities cover more than 25 CVEs and potentially affect a wide range of domains, from consumer and medical IoT to Industrial IoT, Operational Technology, and industrial control systems," said Microsoft's 'Section 52' Azure Defender for IoT research group.

Texas Instruments CC32XX, versions prior to 4.40.00.07.

Texas Instruments SimpleLink-CC26XX, versions prior to 4.40.00.

Texas Instruments SimpleLink-CC32XX, versions prior to 4.10.03.

Microsoft said it has found no evidence of these vulnerabilities being exploited to date, although the availability of the patches could allow a bad actor to use a technique called "patch diffing" to reverse engineer the fixes and potentially weaponize them against vulnerable versions of the software.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/D2K998NRIkY/microsoft-finds-badalloc-flaws.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 473 68 2214 4928 253 7463