Integer overflows leave IoT, OT, medical gear vulnerable to heap-seeking missiles
Share
Copy
Microsoft has taken a look at memory management code used in a wide range of equipment, from industrial control systems to healthcare gear, and found it can be potentially exploited to hijack devices.
The Windows giant has urged folks to get the latest firmware releases that address the holes, and test and deploy them, if possible. And if not, take steps to segment devices on the network, monitor them, and reduce access to them to lessen the blow if a compromise occurs.
Drilling down to the nitty-gritty: Microsoft's Azure Defender for IoT security research group looked at memory allocation functions, such as