Critical 'BatBadBut' Flaw Threatens Windows Apps: Urgent Patch Advised
April 13, 2024
Flatt Security has discovered a critical flaw named 'BatBadBut' in Windows applications, allowing attackers to inject malicious commands.
The vulnerability, officially catalogued as CVE-2024-24576, originates from certain programming languages' interactions with Windows, particularly the 'CreateProcess' function.
RyotaK, a security engineer, uncovered the flaw, which affects batch file execution because several programming languages improperly escape command arguments.
Carnegie Mellon University's CERT/CC issued an advisory and assigned four different CVE identifiers for this widespread issue.
While the vulnerability poses a significant risk, most applications remain unaffected and multiple mitigation measures are available.
Developers are urged to implement recommended security practices to safeguard against the exploitation of the 'BatBadBut' vulnerability.
Summary based on 2 sources
Sources
Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News • Apr 13, 2024
Windows Apps Vulnerable to Command Injection via "BatBadBut" Flaw
Security Affairs • Apr 13, 2024
BatBadBut flaw allowed an attacker to perform command injection on Windows