Microsoft’s release of the Windows Anniversary Update last week included an optional feature called Windows Subsystem for Linux that allows native support for Linux binaries. That has some security experts concerned that the Windows 10 attack surface has been expanded.
The threat, according to Alex Ionescu, vice president of endpoint detection and response strategy at CrowdStrike, centers on a capability that allows some Ubuntu Linux features to run within the Windows 10 operating system. Ionescu, who discussed his research with Threatpost last week at Black Hat USA, said modified Linux code could make system calls to Windows APIs and execute malicious actions within the Windows environment.
“Security researchers, admins and forensic security experts are used to hunting Windows threats on Windows platforms and are adept at auditing them. Now you have a very interesting new paradigm where Linux applications can run on a Windows machine,” Ionescu said. “If this feature is turned on, you have support for unmodified Linux binaries – malicious or not.”