Story 2014-10-12 2T7S Windows shell vulnerability requires nothing more than forgotten quotes

Windows shell vulnerability requires nothing more than forgotten quotes

by
Anonymous Coward
in security on (#2T7S)
Windows SysAdmins: before you laugh yourself to sleep over all those Linux systems struggling to patch Shellshock vulnerabilities, a recently discovered flaw in Windows Powershell allows similar privilege escalation with very little work. The recently discovered vulnerability relies upon:
a simple coding error-allowing untrusted input to be run as a command. In the current incarnation of the exploit, an attacker appends a valid command onto the end of the name of a directory using the ampersand character. A script with the coding error then reads the input and executes the command with administrator rights.
Seems if mankind can make it, mankind can also break it. Keep those systems patched, folks!
Reply 1 comments

Love Batch Files (Score: 0)

by Anonymous Coward on 2014-10-14 18:32 (#2TC3)

Thanks for the heads-up, AC. I appreciate it. I love batch files though. :)

Sorry for the lack of substance in this post but I did want to acknowledge your contribution.