Black Hat Expert: WIN10 embedded Linux subsystem faces security risks

Source: Internet
Author: User

Microsoft WIN10 's first Anniversary update system includes a new Linux subsystem, but security company CrowdStrike points out that this increases the chances of hackers being hacked by Windows users and reduces the security of the system.

At the Black Hat Technology conference in progress, Alex Ionescu, a security expert from CrowdStrike, explains the problems that are facing Linux systems embedded in Windows.

Security experts point out that the Linux subsystem of Windows 10 is not running under Hyper-V virtual environments, so it has free access to hardware, and the Windows file system is mapped to Linux, so the Linux subsystem also has the freedom to access files and directories. These mechanisms have created several security holes, and 365 of sports have fixed some of the vulnerabilities after being warned by the CrowdStrike company.

Security experts also point out that in Windows10, Linux applications can modify Windows software because Windows software can modify Linux applications, creating new security threats.

In some cases, Linux environments running under Windows are less secure due to compatibility issues. There are many ways to inject code into your application, modify memory, and add new security threats to Linux applications running under Windows.

The modified Linux code, in turn, calls the Windows system APIs to get system call permissions, triggering malicious behavior that is not small.

Not only that, adding Linux subsystems also makes it more difficult for enterprises to control the applications running on PCs. For example, Linux software can be protected from AppLocker (application control policies), thereby increasing the likelihood of a system being subject to security issues.

Security experts also point out that the likelihood of these attacks being widely exploited is not high because this feature is not activated by default and only a limited number of users will install this advanced feature.

Black Hat Expert: WIN10 embedded Linux subsystem faces security risks

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.