Microsoft warns of RCE vulnerabilities in dozens of IoT operating systems

Microsoft signage is seen on March 13, 2020, in New York City. The IoT security team at the Microsoft Security Response Center said vulnerabilities discovered affect at least 25 different products made by more than a dozen organizations, including Amazon, ARM, Google Cloud, Samsung, RedHat, Apache and others. (Jeenah Moon/Getty Images)

Microsoft researchers have discovered multiple memory allocation and remote code execution vulnerabilities in the operating systems for a wide range of commercial, medical and operational technology Internet of Things devices.


According to the IoT security team at the Microsoft Security Response Center, the flaws affect at least 25 different products made by more than a dozen organizations, including Amazon, ARM, Google Cloud, Samsung, RedHat, Apache and others. As of now, exploits leveraging the vulnerabilities haven’t been spotted in the wild, but they offer potential attackers a broad surface area to do damage.


“Given the pervasiveness of IoT and OT devices, these vulnerabilities, if successfully exploited, represent a significant potential risk for organizations of all kinds,” Microsoft wrote.


According to an overview compiled by the Cybersecurity and Infrastructure Security Agency, 17 of the affected products already have patches available, while the rest either have updates planned or are no longer supported by the vendor and won’t be patched. See here for a list of impacted products and patch availability.


Where patching isn’t available, Microsoft advises organizations to implement network segmentation, eliminate unnecessary to operational technology control systems, use (properly configured and patched) VPNs with multifactor authentication and leverage existing automated network detection tools to monitor for signs of malicious activity.


While the scope of the vulnerabilities across such a broad range of different products is noteworthy, such secur ..
