Security researchers at Microsoft are warning the industry about 25 as-yet undocumented critical memory-allocation vulnerabilities across a number of vendors’ IoT and industrial devices that threat actors could exploit to execute malicious code across a network or cause an entire system to crash.
Dubbing the newly discovered family of vulnerabilities “BadAlloc,” Microsoft’s Section 52—which is the Azure Defender for IoT security research group–said the flaws have the potential to affect a wide range of domains, from consumer and medical IoT devices to industry IoT, operational technology, and industrial control systems, according to a report published online Thursday by the Microsoft Security Response Center (MSRC).
