Linux subsystem exposes Windows 10 to new threats

Posted on Wednesday, Aug 10 2016 @ 11:06 CEST by Thomas De Maesschalck
One of the new features for enthusiasts in Windows 10 Anniversary Update is the inclusion of Bash, a Linux subsystem. There was quite a lot of excitement about the addition of Bash to Windows, but security experts are now raising concerns because the implementation of Bash creates a host of new security issues.

Security firm CrowdStrike reports that the two kernels have direct access to each other, with no hypervisor in between, just two systems with identical access. It appears this decision was made deliberately to ensure that the Linux subsystem runs at reasonable performance.
It's a bit of a crazy face-palm moment, really. Who did it not occur to that Windows and Linux apps could be modified by each other, bypassing the patches put in place natively?

Code injection is just one example of how a Windows program could attack a Linux app. Once the code is injected, if the infected Linux application makes a call back to Windows, it will be trusted and could trigger some proper borkage.
Note: Bash is not turned on by default in Windows 10 Anniversary Update.

About the Author

Thomas De Maesschalck

Thomas has been messing with computers since early childhood and firmly believes the Internet is the best thing since sliced bread. He enjoys playing with new tech, is fascinated by science, and is passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.
