Last month we reported on a Bash bug that targeted hardware running the Linux, Unix and Mac OS X operating systems. In other parts of the Web, there was much talk about how convenient administrators of Windows running computers could get, since the system is spared from such vulnerability.
Now security researchers from Belgian company Security Factory have found a remote code execution that looks like the Shellshock bug in Windows computers. The particular attack that could potentially bring damage to a Windows running computer could come via a command injection security flaw on Windows command-line shells. This shell could be used to exploit variables in Windows computers in the same way that attackers could take advantage of the Bash.
This vulnerability could allow any network user in an enterprise, for example, to gain full control of Windows servers through a directory name within a directory to which that user has previous access. That means that when a specific user of a network makes a special folder and runs command-shell scripts, chances are that he will be able to successfully take over your Windows system.
Worse, the vulnerability extends its reach to the Windows 10 preview, which Microsoft just unveiled a few days ago. But since the new version of the operating system for desktop is still in its early stage, the Redmond software giant could produce fixes for it.
The execution of anything within the variable name once a user sets up an environment variable, according to Security Factory’s report. It is nonetheless comforting to think for Windows users that this flaw is not as huge as that of the Bash bug affecting Linux, Unix and Mac OS X hardware, and also does not seriously impact Windows and Windows scripting. But certainly Windows Server deployments are affected by the bug, including the some scripts that have been written for Windows system.
Security Factory warns Windows users that they must constantly check their scripts for %CD% access that is not secured, as well as other environment variables. This requires extra amount of work because Microsoft is not expected to release fixes for this flaw anytime soon.
With all that, Microsoft finds to reason to consider the bug a security threat. The company believes Windows clients are not potentially vulnerable to remote exploitation. Security Factory continues, however, to remind users to make an audit of their environment variables code in order to address potential flaws.