A newly disclosed Rust vulnerability poses a significant threat to Windows systems.
Tracked as CVE-2024-24576, the critical flaw could enable threat actors to carry out command injection attacks, a technique attackers frequently use to compromise systems.
The vulnerability stems from OS command and argument injection bugs in the Rust standard library. In short, the flaw lets an attacker run unexpected and potentially harmful commands on the target operating system, jeopardising the security of affected Windows systems.
The newly discovered Rust vulnerability has a CVSS score of 10.
GitHub, a prominent platform for software development collaboration, has classified the Rust vulnerability as critical, assigning it the maximum CVSS base score of 10/10. Equally alarming, attackers can exploit the bug remotely and with minimal complexity, without requiring any user interaction.
After being notified of the issue by researchers, the Rust Security Response Working Group explained that the standard library had not adequately escaped arguments when invoking batch files on Windows through the Command API. This mistake allowed attackers to bypass the escaping and execute arbitrary shell commands.
The vulnerability is serious wherever batch files on Windows are invoked with untrusted arguments. Any Rust version before 1.77.2 on Windows is prone to exploitation if a program, or one of its dependencies, passes such untrusted input to a batch file.
Addressing this critical issue was a challenge for the Rust maintainers because the Windows command prompt, cmd.exe, is complex. Despite efforts to find a comprehensive solution, they ultimately focused on strengthening the escaping code and altering the Command API to mitigate the risk.
The Rust Security Response Working Group also suggested that developers who need additional protection implement their own escaping or handle only trusted inputs. For that purpose, the CommandExt::raw_arg method lets developers on Windows bypass the standard library's escaping logic when necessary.
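The following is an added example written for this article; it is not code from the Rust project or from the CVE-2024-24576 advisory. It shows the defensive pattern the advisory points to for callers of batch files: treat every argument destined for a .bat or .cmd script as untrusted, allowlist it before it reaches cmd.exe, and only then hand it to the Command API (here via `CommandExt::raw_arg`, which exists only on Windows and bypasses the standard library's escaping, so it is used solely after the allowlist check). The script name `example.bat`, the `MAX_ARG_LEN` limit and the sample inputs are constructed for illustration.

```rust
// Added example (not from the Rust project or the advisory): allowlist
// validation for arguments passed to a Windows batch file, the mitigation
// the advisory recommends when escaping for cmd.exe cannot be trusted.

/// Maximum length accepted for a single batch argument (assumed policy value).
const MAX_ARG_LEN: usize = 256;

/// Allowlist check for one argument. cmd.exe gives special meaning to
/// characters such as `&`, `|`, `<`, `>`, `^`, `"`, `%` and `!`, so instead
/// of trying to escape them we accept only a conservative character set.
fn is_safe_batch_arg(arg: &str) -> bool {
    !arg.is_empty()
        && arg.len() <= MAX_ARG_LEN
        && arg
            .chars()
            .all(|c| c.is_ascii_alphanumeric() || matches!(c, '.' | '_' | '-'))
}

/// Validate every argument up front and report the first offending one,
/// so nothing is ever partially passed to the shell.
fn validate_batch_args<'a>(args: &[&'a str]) -> Result<Vec<&'a str>, String> {
    for (i, arg) in args.iter().enumerate() {
        if !is_safe_batch_arg(arg) {
            return Err(format!("argument {} rejected: {:?}", i, arg));
        }
    }
    Ok(args.to_vec())
}

/// Build the Command for a batch script. Compiled only on Windows because
/// batch files and CommandExt::raw_arg exist only there. raw_arg bypasses the
/// standard library's escaping; that is acceptable here solely because each
/// argument has already passed the allowlist above.
#[cfg(windows)]
fn batch_command(script: &str, args: &[&str]) -> Result<std::process::Command, String> {
    use std::os::windows::process::CommandExt;
    let safe = validate_batch_args(args)?;
    let mut cmd = std::process::Command::new(script);
    for a in safe {
        cmd.raw_arg(a);
    }
    Ok(cmd)
}

fn main() {
    // Constructed sample inputs: a benign filename and one carrying a cmd.exe
    // command separator that the allowlist must reject.
    for input in ["report-2024.txt", "report.txt&echo injected"] {
        match validate_batch_args(&[input]) {
            Ok(v) => println!("accepted: {:?}", v),
            Err(e) => println!("{}", e),
        }
    }
    #[cfg(windows)]
    {
        // "example.bat" is a placeholder script name; this branch runs only on Windows.
        match batch_command("example.bat", &["report-2024.txt"]) {
            Ok(mut cmd) => println!("spawn result: {:?}", cmd.status().map(|s| s.success())),
            Err(e) => println!("{}", e),
        }
    }
}
```

The validation half is platform-independent and can be unit-tested anywhere, which is the point: the decision about what may reach cmd.exe is made by an allowlist you control, not by escaping rules that the advisory itself describes as hard to get right. On a patched toolchain (1.77.2 or later) the standard library additionally refuses to spawn a batch file whose argument it cannot escape safely, but a program that keeps its own allowlist does not depend on that last line of defence.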
The discovery of this critical flaw highlights the ongoing challenges of software security. The Rust security team's prompt response, in turn, shows the value of immediate and decisive action in protecting against such threats.