Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Shellshock-like Weakness May Affect Windows

  • Please log in to reply
2 replies to this topic

#1 JohnC_21


  • Members
  • 24,649 posts
  • Gender:Male
  • Local time:07:07 AM

Posted 06 October 2014 - 01:14 PM

Shellshock-like Weakness May Affect Windows


As more people dig into the severity and depth of Bash vulnerabilities, it appears that similar Shellshock-like remote code execution is possible on Windows systems, with Windows servers in particular at risk for RCE attacks.The Security Factory, a Belgian security company, reported discovering a command injection vulnerability for Windows command-line shells that takes advantage of environment variables in a similar fashion to Bash exploits.


“What if we told you that a normal user in your network could take over the control of your Windows file-servers by just creating a special (but [not] so complex) directory-name in one of the directories he has access to?” the company wrote on its website. “In order to succeed, all the user has to do is create a folder with a special name and that you regularly run command-shell scripts for management purposes that have a (pretty common) coding vulnerability.”

Aviv Raff, CTO at Seculert, said there are similarities to Shellshock with this issue and that it extends even into the Windows 10 preview.



BC AdBot (Login to Remove)


#2 NickAu


    Bleepin' Fish Doctor

  • Moderator
  • 13,710 posts
  • Gender:Male
  • Location: Australia
  • Local time:11:07 PM

Posted 06 October 2014 - 04:12 PM

It seems nothing is safe from this type of thing.


White hat claims Yahoo and WinZip hacked by “shellshock” exploiters



#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,734 posts
  • Gender:Male
  • Local time:01:07 PM

Posted 08 October 2014 - 01:20 PM

It is quite different.


First of all, cmd.exe is not like bash: it does not evaluate all environment variables implicitly at startup. For cmd.exe, the variable has to be evaluated explicitly.

Second, Windows programs are not designed like *nix programs. Programs are not so often stringed/piped together. For example, Windows webserver (IIS) does not call cmd.exe when it invokes another program via CGI.

Didier Stevens

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019


If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.


Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users