Windows shell vulnerability requires nothing more than forgotten quotes
Windows SysAdmins: before you laugh yourself to sleep over all those Linux systems struggling to patch Shellshock vulnerabilities, a recently discovered flaw in Windows Powershell allows similar privilege escalation with very little work. The recently discovered vulnerability relies upon:
a simple coding error-allowing untrusted input to be run as a command. In the current incarnation of the exploit, an attacker appends a valid command onto the end of the name of a directory using the ampersand character. A script with the coding error then reads the input and executes the command with administrator rights.Seems if mankind can make it, mankind can also break it. Keep those systems patched, folks!
Sorry for the lack of substance in this post but I did want to acknowledge your contribution.