Tuesday, November 5, 2024
Homecyber securityCritical Rust Vulnerability Let Hackers Inject Commands on Windows Systems

Critical Rust Vulnerability Let Hackers Inject Commands on Windows Systems

Published on

Malware protection

A new critical vulnerability has been discovered in two of the Rust standard libraries, which could allow a threat actor to execute shell commands on vulnerable versions.

This vulnerability has been assigned CVE-2024-24576, and its severity has been given as 10.0 (Critical).

In this report, Rust Security Response stated that they have not identified a solution yet but have created a workaround to mitigate this vulnerability.

- Advertisement - SIEM as a Service

This vulnerability was credited to RyotaK and Simon Sawicki (Grub4K) for helping them fix it.

Critical Rust Vulnerability

According to the reports shared with Cyber Security News, this vulnerability exists due to insufficient validation of arguments passed to Command::arg and Command::args APIs. 

The documentation of these two APIs states that the arguments passed to the APIs directly to the spawned process, and it will not be evaluated by a shell.

In addition, the implementation of these two APIs is complicated due to the fact that the Windows API passes all of the provided arguments as a single string, leaving the splitting process with the spawned process.

Document
Stop Advanced Phishing Attack With AI

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

However, the cmd.exe process has a different splitting logic in Windows as it forces the standard library to perform the escaping for the arguments.

Nevertheless, this escaping sequence was not sufficiently validated, making it easier for threat actors to pass malicious arguments to the spawned process to execute arbitrary shell code. 

As a means of mitigating this vulnerability, Rust Security response team improved the escaping code with strong implementations and has made the Command API to return an InvalidInput error if it cannot safely escape any argument. 

Moreover, this error will be thrown during the process of spawning. For Windows users, the CommandExt::raw_arg method can be used to bypass the standard library’s escaping logic used by the cmd.exe process. 

Affected Versions And Fix

This vulnerability affects all the Rust versions earlier than 1.77.2 on Windows if any code or dependencies execute batch files with untrusted arguments.

Other platforms are not affected by this vulnerability.

To fix this, the Rust Security response team has recommended upgrading Rust to the latest version, 1.77.2, to prevent any unauthorized malicious threat actors from exploiting this vulnerability.

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

ClickFix Exploits GMeet & Zoom Pages to Deliver Sophisticated Malware

A new tactic, "ClickFix," has emerged. It exploits fake Google Meet and Zoom pages...

APT36 Hackers Attacking Windows Deevices With ElizaRAT

APT36, a sophisticated threat actor, has been actively targeting Indian entities with advanced malware...

Hackers Using AV/EDR Bypass Tool From Cybercrime Forums To Bypass Endpoints

Researchers uncovered two previously unknown endpoints with older Cortex XDR agents that used to...

Hackers Created 100+ Fake Web Stores To Steal Millions Of Dollars From Customers

The Phish, 'n' Ships fraud operation leverages, compromised websites to redirect users to fake...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Google Patched 40 Security Vulnerabilities Along With Two Zero-Days

Google has released a batch of security updates addressing 40 vulnerabilities, two of which...

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

A security researcher discovered a vulnerability in Windows theme files in the previous year,...