The capability to run Linux in some versions of the latest Windows 10 update has flaws, which has resulted in a new attack surface.
According to a report by eWeek, most of the issues were reported to Microsoft and have been fixed – but in certain cases the “Linux environment running in Windows is less secure because of compatibility issues”.
“There are a number of ways that Windows applications could inject code, modify memory, and add new threats to a Linux application running on Windows,” stated Alex Ionescu, chief architect at Crowdstrike.
The modified Linux code could then call Windows APIs and get access to system calls to perform malicious actions, stated the report.
“Linux on Windows is not running inside of a Hyper-V hypervisor. Linux is running on the raw hardware, getting all the benefits of performance and system access, as well as expanding the potential attack surface,” said Ionescu.