Linux on Windows 10 Poses a Security Risk

Aug 10, 2016

Security researchers have already notified Microsoft; some fixes are available

As the instances of Linux virtual machines are increasing on Microsoft Azure, Microsoft is looking at Linux as a development platform. To enable sysadmins and developers to manage their Linux machines from Windows, without having to resort to a VM, the company worked with Canonical to bring Ubuntu's version of the Bash shell to Windows 10. To achieve this, Microsoft has built a new subsystem within Windows called the Windows Subsystem for Linux (WSL). Ubuntu for Windows runs on top of the WSL infrastructure to offer Linux developer tools on Windows, but according to Crowdstrike chief architect Alex Ionescu, this design is creating some serious security issues.

Ionescu, who delivered a talk on WSL issues at the recent BlackHat security conference, has already reported his findings to Microsoft, and some of the issues have already been fixed. In an interview with eWeek, Ionescu said, "There are a number of ways that Windows applications could inject code, modify memory, and add new threats to a Linux application running on Windows."

Ionescu also added that the Linux environment running in Windows is less secure because of compatibility issues with the host operating system. He noted that Microsoft's whitelisting service for Windows application, AppLocker, doesn't work with Linux applications.

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News