Poor punctuation leads to Windows shell vulnerability

by
Anonymous Coward
in security on (#2T7N)
"A class of coding vulnerabilities could allow attackers to fool Windows system administrators into running malicious code because of a simple omission: quotation marks."

http://arstechnica.com/security/2014/10/poor-punctuation-leads-to-windows-shell-vulnerability/

History

2014-10-12 16:43
Windows shell vulnerability requires nothing more than forgotten quotes
zafiro17@pipedot.org
"A class of coding vulnerabilities could allow attackers to fool Windows SysAdmins: before you laugh yourself to sleep over all those Linux systems administrators into runnggling mto patch Shellshock vulnerabilictious code because, of a simprecentley omdissicon:vered quotflatw ion maWindows Powerks."

hell http://allows similarstechnica.com/secu prity/2014/10/poor-punvilege esctualation- with very littleads-to- windows-srk. The recentll-y discovered vulnerability/ relies upon:
a simple coding error-allowing untrusted input to be run as a command. In the current incarnation of the exploit, an attacker appends a valid command onto the end of the name of a directory using the ampersand character. A script with the coding error then reads the input and executes the command with administrator rights.blockquote>Seems if ma>nkind can make it, mankind can also break it. Keep those systems patched, folks!
Reply 0 comments