minute read Share this article: Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash. Security researchers at Microsoft are warning the industry about 25 as-yet undocumented critical memory-allocation vulnerabilities across a number of vendors’ IoT and industrial devices that threat actors could exploit to execute malicious code across a network or cause an entire system to crash. Dubbing the newly discovered family of vulnerabilities “BadAlloc,” Microsoft’s Section 52—which is the Azure Defender for IoT security research group–said the flaws have the potential to affect a wide range of domains, from consumer and medical IoT devices to industry IoT, operational technology, and industrial control systems, according to a report published online Thursday by the Microsoft Security Response Center (MSRC).