Shellshock similar vulnerability found in Windows servers
So all of you Windows users out there are probably thinking, ‘phh Shellshock, that does affect me.’ Until recently you would have been right but The Security Factory, a Belgian security company, say they have just uncovered a new coding security vulnerability that might affect commonly used command scripts on file-servers. This vulnerability focuses more on Windows servers unlike Shellshock which can be implemented on a whole range of distributions.
Security Factory had this to say:
“What if we told you that a normal user in your network could take over the control of your Windows file-servers by just creating a special (but [not] so complex) directory-name in one of the directories he has access to?” the company wrote on its website. “In order to succeed, all the user has to do is create a folder with a special name and that you regularly run command-shell scripts for management purposes that have a (pretty common) coding vulnerability.”
In response to this Microsoft said they did not consider this a security vulnerability and told the Security Factory that it would not issue a bulletin.