Microsoft Finds Memory Allocation Code Security Flaw Could Lead to Hijacking: Tons of Devices at Risk

Microsoft claimed that there is a major security flaw in the memory allocation code of various devices, including healthcare gears, industrial control systems, and more.

Microsoft Claims Tons of Devices Have Memory Allocation Code Major Security Flaw: How Serious Is It?
A particpant checks a circuit board next to an oscilloscope on the first day of the 28th Chaos Communication Congress (28C3) - Behind Enemy Lines computer hacker conference on December 27, 2011 in Berlin, Germany. The Chaos Computer Club is Europe's biggest network of computer hackers and its annual congress draws up to 3,000 participants. Photo by Adam Berry/Getty Images

The tech giant claimed that this security issue could lead to hijacking, making tons of devices at risk of a possible major breach. Because of this, Microsoft is now urging its users to install the latest firmware releases to prevent the memory allocation code security issue.

"To date, Microsoft has not seen any indications of these vulnerabilities being exploited. However, we strongly encourage organizations to patch their systems as soon as possible," said the tech giant company.

"At the same time, we recognize that patching IoT/OT devices can be complex. For devices that cannot be patched immediately, we recommend mitigating controls," added Microsoft.

Can You Avoid Microsoft's newly found security flaw?

According to Daily UK News' latest report, Microsoft suggested that users need to do these to avoid the new memory allocation security flaw. It added that these methods are efficient for devices that can't be patched immediately:

Microsoft Windows Event June 24
The Microsoft logo is illuminated on a wall during a Microsoft launch event to introduce the new Microsoft Surface laptop and Windows 10 S operating system, May 2, 2017 in New York City. The Windows 10 S operating system is geared toward the education market and is Microsoft's answer to Google's Chrome OS. Photo by Drew Angerer/Getty Images
  • Implement network security monitoring to detect behavioral indicators of compromise.
  • Reduce the attack surface by minimizing or eliminating exposure of vulnerable devices to the internet.
  • Strengthen network segmentation to protect critical assets.

On the other hand, the United States government's Cybersecurity and Infrastructure Agency (CISA) also provided 25 software that could be affected by the newly discovered security flaw.

These include Google Cloud's IoT Device SDK, Red Hat's newlib, Windriver's VxWorks, Amazon's FreeRTOS, Arm's Mbed OS, and more.

How Does the New Memory Allocation Code Flaw Work?

The Register reported that the new programming flaw happens when a hacker sends a fool the user's device application code into making a very large memory allocation. This allows the gadget's buffer to hold further incoming information.

Cybercriminals can do this by sending malicious data into their victims' devices. Because of the large data sizes, the allocations of the user's device is are expected to fail, allowing them to hijack the victim's gadget.

For more news updates about Microsoft's memory allocation flaw and other security issues, always keep your tabs open here at TechTimes.

This article is owned by TechTimes

Written by: Griffin Davis

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics