Researchers at Microsoft have discovered vulnerabilities in operating systems used by IoT and OT devices in commercial, medical, and industrial environments. The Azure Defender for IoT group at the Microsoft Security Response Center has revealed that these critical memory allocation flaws, dubbed BadAlloc, allow security controls to be bypassed in order to execute malicious code or cause systems to crash. The vulnerabilities are present in memory allocation functions across real-time operating systems (RTOS), software development kits (SDKs), and C language libraries (libc).

Microsoft itself acknowledges that installing patches on IoT/OT devices can be complex, so it recommends reducing the attack surface by minimizing the exposure of vulnerable devices to the Internet, monitoring networks for indicators of unusual behavior, and strengthening network segmentation to protect critical assets. As far as is known, the vulnerabilities have not been detected in the wild, but they offer potential attackers a wide surface area to cause damage. The full list of affected products is available on the US Department of Homeland Security's website.

Some experts point out that the rampant adoption of IoT devices is not necessarily good news, as security may have been left on the sidelines, opening up loopholes for attacks on devices and entire networks. A recent survey by Tripwire, which specializes in IT security and compliance automation, revealed that 99% of respondents said they have considerable difficulty when trying to secure IoT and IIoT (Industrial Internet of Things) devices.
Two-thirds also said they face problems identifying and fixing

To help developers, manufacturers, businesses, and consumers promote the security of IoT systems, OWASP (Open Web Application Security Project), a non-profit foundation working towards software security, maintains a list of the top 10 behaviors to avoid when it comes to the Internet of Things. The truth is that there is a big disparity between how often the firmware of IoT devices is updated and how quickly vulnerabilities in their critical components are emerging. Who will lead this race in the coming years?