Dismiss this notice
ExpressVPN Valentines 2021 Giveaway - https://www.geeks.fyi/showthread.php?tid=14246

Dismiss this notice
Internet Download Manager Giveaway - https://www.geeks.fyi/showthread.php?tid=14245

Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices
#1
Information 
Quote:Security researchers at Microsoft are warning the industry about 25 as-yet undocumented critical memory-allocation vulnerabilities across a number of vendors’ IoT and industrial devices that threat actors could exploit to execute malicious code across a network or cause an entire system to crash.
 
Dubbing the newly discovered family of vulnerabilities “BadAlloc,” Microsoft’s Section 52—which is the Azure Defender for IoT security research group–said the flaws have the potential to affect a wide range of domains, from consumer and medical IoT devices to industry IoT, operational technology, and industrial control systems, according to a report published online Thursday by the Microsoft Security Response Center (MSRC).
 
“Our research shows that memory allocation implementations written throughout the years as part of IoT devices and embedded software have not incorporated proper input validations,” according to the report. “Without these input validations, an attacker could exploit the memory allocation function to perform a heap overflow, resulting in execution of malicious code on a target device.”
 
Memory allocation is exactly what it sounds like–the basic set of instructions device makers give a device for how to allocate memory. The vulnerabilities stem from the usage of vulnerable memory functions across all the devices, such as malloc, calloc, realloc, memalign, valloc, pvalloc, and more, according to the report.

From what researchers have found, the problem is systemic, so it can exist in various aspects of devices, including real-time operating systems (RTOS), embedded software development kits (SDKs), and C standard library (libc) implementations, they said. And as IoT and OT devices are highly pervasive, “these vulnerabilities, if successfully exploited, represent a significant potential risk for organizations of all kinds,” researchers observed.

Read more: Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices | Threatpost
[-] The following 1 user Likes silversurfer's post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Recent Posts
Bitdefender 25.0.19.75
Bitdefender 25.0.1...harlan4096 — 16:11
VLC (VideoLAN) Media Player 3.0.14
VLC (VideoLAN) Med...harlan4096 — 16:10
Custom browser protocol handlers may be ...
When you instal...harlan4096 — 16:01
Colonial Pipeline Shells Out $5M in Exto...
Colonial Pipeline ...silversurfer — 12:36
Pipeline Update: Biden Executive Order, ...
Colonial Pipeline ...silversurfer — 12:36

[-]
Birthdays
Today's Birthdays
avatar (39)knigiJow
avatar (41)1stOnecal
Upcoming Birthdays
avatar (23)jayc137
avatar (43)Jerrycix
avatar (35)awedoli
avatar (77)WinRARHowTo
avatar (34)axuben
avatar (35)ihijudu
avatar (44)contjrat
avatar (45)Mirzojap
avatar (31)idilysaju
avatar (35)GregoryRog
avatar (40)mediumog
avatar (35)odukoromu
avatar (41)Joanna4589

[-]
Online Staff
There are no staff members currently online.

>