Welcome to WebmasterWorld Guest from 126.96.36.199
Forum Moderators: bill
Windows 10 Attack Surface Grows with Linux Support in Anniversary Update [threatpost.com]
Microsoft’s release of Windows Anniversary Update last week included an optional feature called Windows Subsystem for Linux that allows native support for Linux binaries. That has some security experts concerned the Windows 10 attack surface has been expanded.
The threat, according to Alex Ionescu, vice president of endpoint detection and response strategy at Crowdstrike, centers on a capability that allows for some Ubuntu Linux features to run within the Windows 10 operating system. Ionescu, who discussed his research with Threatpost last week at Black Hat USA, said modified Linux code could make system calls to Windows APIs and execute malicious actions within the Windows environment.
While useful for developers in operating system tests, this policy also allows a user to boot whatever they wish, including self-signed binaries. The "golden key" debug and unlocking policy problem has emerged due to design flaws in the policy loading system. Security failures have created "golden keys" which unlock Windows devices protected by Secure Boot. [zdnet.com]