Microsoft expert discovered a series of serious code execution errors in IoT, OT devices
These 25 security flaws are collectively referred to as BadAlloc, and according to the initial investigation, they all stem from a glitch in the Integer Overflow or Wraparound memory allocation process. In theory, threat actors can exploit vulnerabilities to cause system crashes and even remotely execute malicious code on vulnerable IoT and OT systems. This is also the reason why they have a high severity rating.
Microsoft security team found these 25 BadAlloc vulnerabilities in a cluster of standard memory allocation functions widely used in many real-time operating systems (RTOS), standard deployment libraries. standard C (libc) and embedded software development kit (SDK).
" Our research shows that many memory allocation implementations written over the years as part of IoT devices and embedded software have failed to incorporate input authentications. appropriate , "said a team representative from the Microsoft Security Response Center. " Without these input validations, an attacker could fully exploit the memory allocation function to perform a heap overflow, leading to remote execution of malicious code. on target device ".
BadAlloc vulnerable devices
The majority of IoT and OT devices that are susceptible to the aforementioned BadAlloc vulnerabilities are currently widely used in the consumer, medical and industrial networking sectors.
The complete list of devices affected by BadAlloc includes:
- Amazon FreeRTOS, Version 10.4.1
- Apache Nuttx OS, Version 9.1.0
- ARM CMSIS-RTOS2, versions prior to 2.1.3
- ARM Mbed OS, version 6.3.0
- ARM mbed-uallaoc, Version 1.3.0
- Cesanta Software Mongoose OS, v2.17.0
- eCosCentric eCosPro RTOS, Versions 2.0.1 to 4.5.3
- Google Cloud IoT Device SDK, Version 1.0.2
- Linux Zephyr RTOS, versions prior to 2.4.0
- Media Tek LinkIt SDK, previous versions 4.6.1
- Micrium OS, Version 5.10.1 and earlier
- Micrium uCOS II / uCOS III Version 1.39.0 and earlier
- NXP MCUXpresso SDK, previous versions 2.8.2
- NXP MQX, Version 5.1 and earlier
- Redhat newlib, previous versions 4.0.0
- RIOT OS, Version 2020.01.1
- Samsung Tizen RT RTOS, previous version 3.0.GBB
- TencentOS-tiny, Version 3.1.0
- Texas Instruments CC32XX, previous versions 4.40.00.07
- Texas Instruments SimpleLink MSP432E4XX
- Texas Instruments SimpleLink-CC13XX, versions prior to 4.40.00
- Texas Instruments SimpleLink-CC26XX, versions prior to 4.40.00
- Texas Instruments SimpleLink-CC32XX, versions prior to 4.10.03
- Uclibc-NG, previous versions 1.0.36
- Windriver VxWorks, before 7.0
To minimize risk, organizations using a BadAlloc vulnerable device should:
- Apply carrier updates available.
- Minimize the network exposure of all devices or control systems, and ensure that they are not accessible from the Internet.
- Locate the control system network and remote devices behind the firewall, and isolate them from the corporate network.
- When remote access is required, use secure methods, such as virtual private network (VPN).
If vulnerable devices cannot be patched immediately, Microsoft recommends:
- Narrow the attack surface by minimizing or eliminating the vulnerable devices' exposure to the internet;
- Perform network security monitoring to detect indicators of intrusion;
- Strengthen network segmentation to protect important data.
You should read it
- The Mail app on iOS has serious vulnerabilities
- Microsoft rewards $ 250,000 for any talent that discovers the new Meltdown and Specter vulnerabilities
- New dangerous vulnerability in Intel CPU: Works like Specter and Meltdown, threatening all PCs and the cloud
- HP publishes a series of critical vulnerabilities in the Teradici PCoIP protocol
- Detects 'long-standing' security vulnerabilities in Microsoft Office
- Security vulnerabilities - basic insights
- Release software to check DNS server vulnerabilities
- EternalRocks - more dangerous malicious code than WannaCry exploits up to seven NSA vulnerabilities
- 5 common errors in managing security vulnerabilities
- There is a new zero-day vulnerability in Windows
- Detecting zero-day vulnerabilities in Internet Explorer helps hackers gain control of the computer
- Vulnerabilities discovered in many web browsers that allow users to be tracked through installed applications
Maybe you are interested
Windows 11 24H2 'slimmed down' version reduces from 30GB to 4GB
Mozilla considers extending Firefox support on older operating system versions until March 2025
How to find higher quality versions of your favorite songs
5 reasons why many people prefer the web version over the app
Snapdragon 6 Gen 3 Launched: Rebranded Version of Snapdragon 7s Gen 2?
Apple Podcasts launches web version