Adding Linux Bash to Windows 10 Anniversary Update could be a huge security risk
The arrival of Linux in Windows 10 caused ripples of excitement in certain circles. But as well as making it possible to run GUI Linux apps on the desktop, the Bash feature from Linux in Windows 10 Anniversary Update has raised concerns about security risks.
Speaking at the Black Hat USA security conference, Alex Ionescu from CrowdStrike said that he had reported some concerns to Microsoft during the testing period of Windows 10. While some of the issues he raised have been addressed, he says that the presence of Linux represents a "new potential attack surface" that users need to be aware of.
Ionescu, speaking with eWeek, warns that: "There are a number of ways that Windows applications could inject code, modify memory and add new threats to a Linux application running on Windows". Part of the problem is that Linux does not run in a Hyper-V hypervisor, so it has access to Windows APIs and system calls, and the Windows file system is mapped to Linux as well.
The way Microsoft has implemented its own update mechanism for Linux in Windows is also concerning, but it is the fact that Linux is granted direct access to hardware and system resources that is the greatest worry. What’s key is not necessarily what Microsoft has implemented, but how it has been implemented. While it is true that there is not a full Linux kernel embedded in Windows 10, there are enough components for it to be possible to bypass security features. The ability to run Linux apps is certainly useful, but it's also open to abuse.
At the moment, simply because of the relatively small numbers of people making use of the feature, the risk is fairly small -- but there is still a risk. Ionescu says: "Attackers don't usually go after the latest things where they would only impact a small percentage of the market. But as the feature adoption grows, this might become a more attractive attack vector".
A final word of warning is issued about AppLocker. This Windows security feature is not compatible with Linux apps, opening up the potential for malicious software to be executed. The advice is to make use of a firewall, as this will help to identify any suspicious traffic that results.