Shellshock-like weakness may affect Windows

Minimalist · Oct 6, 2014

As more people dig into the severity and depth of Bash vulnerabilities, it appears that similar Shellshock-like remote code execution is possible on Windows systems, with Windows servers in particular at risk for RCE attacks.

The Security Factory, a Belgian security company, reported discovering a command injection vulnerability for Windows command-line shellsthat takes advantage of environment variables in a similar fashion to Bash exploits.
Click to expand...

http://threatpost.com/shellshock-like-weakness-may-affect-windows

Minimalist · Oct 11, 2014

Poor punctuation leads to Windows shell vulnerability

The attack relies on scripts or batch files that use the command-line interface, or "shell," on a Windows system but contain a simple coding error—allowing untrusted input to be run as a command. In the current incarnation of the exploit, an attacker appends a valid command onto the end of the name of a directory using the ampersand character. A script with the coding error then reads the input and executes the command with administrator rights.
Click to expand...

http://arstechnica.com/security/2014/10/poor-punctuation-leads-to-windows-shell-vulnerability/

Log in or Sign up

Shellshock-like weakness may affect Windows

Minimalist Registered Member

Minimalist Registered Member

Log in or Sign up

Shellshock-like weakness may affect Windows

Minimalist Registered Member

Minimalist Registered Member

Useful Searches