Microsoft Discloses Vulnerabilities in OT and IoT Devices

Last night, Microsoft disclosed more than 25 critical memory allocation vulnerabilities in OT and IoT devices that could enable an attacker to bypass security controls and execute malicious code or cause a system to crash in industrial, medical, and enterprise networks.

Expert Comments

April 30, 2021
Andy Norton
European Cyber Risk Officer
Armis

The biggest challenge faced by organisations today is simply not knowing what needs to be secured. Outside of the standard corporate IT environment typified by “Windows”, every organisation we talk to simply doesn’t know what devices they have, where they are, or what they do.

 


So when disclosures like this happen, most organisations would not have a clue what RTOS their OT, Medical or IoT devices are running. I suspect the NHS may issue a cyber alert for this; however, it would only be informational. The NHS trusts we see all struggle to get to grips with DSPT requirements and all have high levels of uncertainty about the number, variety, location, and risk posed from their digital estate. In addition to this, sophisticated actors will attempt to use exploit chaining to circumvent the prescribed mitigations, as the recently disclosed FRAG/44 provides an attacker with the ability to bypass firewall rule-sets, breaking the segmentation and isolation recommendations for BadAlloc.

April 30, 2021
Marty Edwards
VP of OT security
Tenable

Vulnerabilities such as the BadAlloc flaws underscore the need for critical infrastructure and manufacturing organizations to have continuous visibility into the devices used in their production environments. It is no longer sufficient to evaluate your risk 'with a clipboard' on a periodic basis. When the CISO comes to ask if your organization is exposed to these latest vulnerabilities, you should have the answer immediately. Not being able to answer that question gives attackers the upper hand.



Since these vulnerabilities are in the Real-Time Operating Systems that are the foundation of many OT and IoT devices, the end-user may not actually know that they rely on these products. Hopefully, the OT OEM vendor community will evaluate these vulnerabilities and determine if they are a risk in their products. We always advise owners of OT to work with their vendors on how to appropriately mitigate vulnerabilities in critical devices. This case is no different.
