Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices
Security researchers at Microsoft have warned of 25 undocumented critical memory-allocation vulnerabilities affecting IoT and industrial devices from a number of vendors. The flaws could be used to execute malicious code throughout a network or cause an entire system to crash. The bugs were uncovered by Microsoft’s Azure Defender security team. The researchers described the memory allocation flaw as a systemic problem that threat actors could exploit to wreak havoc on an organization’s network.
The new family of vulnerabilities has been named “BadAlloc.” The flaws have the potential to impact customers across a wide range of domains, including medical IoT devices, industrial control systems, and operational technology. On Thursday, Microsoft released a report on the vulnerabilities via its Microsoft Security Response Center. According to the report, the memory allocation implementations do not incorporate proper input validation, and the lack of it allows attackers to cause a heap overflow by exploiting the flawed memory allocation function.
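The following C sketch is an added example, not code from Microsoft's report or from any affected vendor. It assumes the missing input validation takes the form of unchecked size arithmetic in a calloc-style allocator, and shows that computation beside a validated version; all names (`hdr_t`, `block_size_unchecked`, `checked_calloc` and the rest) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Bookkeeping header placed in front of every payload (constructed for this example). */
typedef union { size_t payload; max_align_t align; } hdr_t;

/* Unvalidated form: both the multiplication and the addition can wrap
 * around SIZE_MAX, so a huge request yields a tiny block that the caller
 * then writes past. */
size_t block_size_unchecked(size_t count, size_t size) {
    return count * size + sizeof(hdr_t);
}

/* Validated form: returns 0 and stores the size, or -1 if it would wrap. */
int block_size_checked(size_t count, size_t size, size_t *out) {
    if (size != 0 && count > (SIZE_MAX - sizeof(hdr_t)) / size)
        return -1;
    *out = count * size + sizeof(hdr_t);
    return 0;
}

/* calloc-style allocator built on the validated size; NULL on bad input. */
void *checked_calloc(size_t count, size_t size) {
    size_t total;
    if (block_size_checked(count, size, &total) != 0)
        return NULL;
    hdr_t *h = malloc(total);
    if (h == NULL)
        return NULL;
    memset(h, 0, total);
    h->payload = total - sizeof(hdr_t);
    return h + 1;               /* payload starts right after the header */
}

/* Payload size recorded at allocation time. */
size_t checked_size(const void *p) { return ((const hdr_t *)p - 1)->payload; }

/* Release a block obtained from checked_calloc. */
void checked_free(void *p) { if (p) free((hdr_t *)p - 1); }
```

Callers must treat a `NULL` return as a rejected request rather than retrying with the same values.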