Windows administrators were sitting back and watching the Shellshock CVE (Common Vulnerabilities and Exposures) fireworks: CVE-2014-6277 and CVE-2014-6278.
Now that we (the security IT community) are thinking about Shellshock … does Windows have a problem as well?
First of all, let’s define “Shellcode”. As in Projectshellcode.com, shellcode is when one can create a “shell” from the attacked machine and have the command line sent back to you (the attacker), i.e. remote code execution is the goal.
There are definite differences between Linux and Windows Shellcode, and this has to do with how Windows works.
The goal is a remote attack on a machine, without any prior access of course.
Internet Storm Center thoughts on Windows Shellcode:
The second one, CVE-2014-6278, is closer to the original shellshock bug. The PoC exploit posted by Michal is:
HTTP_COOKIE='() { _; } >_[$($())] {echo hi mom; id;}' bash -c :
Just like the first bug, the parser is confused as to where the function definition ends, and it executes the code in { }.
But it only works on machines that have Cygwin installed (a Unix-like emulator).
————————–
But this is unlikely to get anywhere, since Windows needs to interface with a DLL, unless the machine has not been patched for various Windows vulnerabilities.
There is a potential problem in Windows file servers.
Threatpost has an article on this topic, drawn from a Securityfactory.be post.
And it comes down to not placing quotes in a batch file around %CD%.
So one is only vulnerable if one has poorly vetted batch files with %CD% in them.
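One way to vet batch files for this, as an added example that is not taken from the Threatpost or Securityfactory.be posts: the script below flags every line where %CD% is expanded outside double quotes. The function names and the sample batch file are constructed for illustration.

```python
import re

# %CD% in any case: cmd.exe variable names are case-insensitive.
CD_REF = re.compile(r"%CD%", re.IGNORECASE)
# Comment lines (REM ... or :: ...) never execute, so they are skipped.
COMMENT = re.compile(r"^\s*@?\s*(rem(\s|$)|::)", re.IGNORECASE)


def unquoted_cd_columns(line):
    """Return 1-based columns where %CD% sits outside double quotes."""
    hits = []
    in_quotes = False
    i = 0
    while i < len(line):
        if line[i] == '"':
            in_quotes = not in_quotes      # toggle on every double quote
            i += 1
        elif CD_REF.match(line, i):
            if not in_quotes:
                hits.append(i + 1)
            i += 4                         # skip past the 4-char token
        else:
            i += 1
    return hits


def audit_batch(text):
    """Return (line_no, column, stripped_line) for each unquoted %CD%."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if COMMENT.match(line):
            continue
        for col in unquoted_cd_columns(line):
            findings.append((n, col, line.strip()))
    return findings


# Constructed sample batch file, not from any real system.
SAMPLE = r'''@echo off
REM backup script, uses %CD% (comment, ignored)
set BACKUP=%CD%\backup
set "LOGDIR=%CD%\logs"
echo Working in %cd%
copy "%CD%\report.txt" "D:\archive\"
:: cd /d %CD%
'''

if __name__ == "__main__":
    for line_no, col, src in audit_batch(SAMPLE):
        print(f"line {line_no}, col {col}: unquoted %CD% -> {src}")
```

Each flagged line is fixed by wrapping the expansion in double quotes, as lines 4 and 6 of the sample already do.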
I am sure that the people attempting to crack the Windows environment as well are looking into this “new” avenue of attack. But you can see this is not new after all.
To discuss this please contact me http://www.fixvirus.com/?page_id=105