Flatt Security has discovered a critical flaw named 'BatBadBut' in Windows applications, allowing attackers to inject malicious commands.

The vulnerability, officially catalogued as CVE-2024-24576, originates from certain programming languages' interactions with Windows, particularly the 'CreateProcess' function.

RyotaK, a security engineer, uncovered the flaw which affects batch file execution due to improper command argument escaping by several programming languages.

Carnegie Mellon University's CERT/CC issued an advisory and assigned four different CVE identifiers for this widespread issue.

While the vulnerability poses a significant risk, most applications remain unaffected and multiple mitigation measures are available.

Developers are urged to implement recommended security practices to safeguard against the exploitation of the 'BatBadBut' vulnerability.