Linux on Windows 10 Poses a Security Risk

As the instances of Linux virtual machines are increasing on Microsoft Azure, Microsoft is looking at Linux as a development platform. To enable sysadmins and developers to manage their Linux machines from Windows, without having to resort to a VM, the company worked with Canonical to bring Ubuntu's version of the Bash shell to Windows 10. To achieve this, Microsoft has built a new subsystem within Windows called the Windows Subsystem for Linux (WSL). Ubuntu for Windows runs on top of the WSL infrastructure to offer Linux developer tools on Windows, but according to Crowdstrike chief architect Alex Ionescu, this design is creating some serious security issues.

Ionescu, who delivered a talk on WSL issues at the recent BlackHat security conference, has already reported his findings to Microsoft, and some of the issues have already been fixed. In an interview with eWeek, Ionescu said, "There are a number of ways that Windows applications could inject code, modify memory, and add new threats to a Linux application running on Windows."

Ionescu also added that the Linux environment running in Windows is less secure because of compatibility issues with the host operating system. He noted that Microsoft's whitelisting service for Windows application, AppLocker, doesn't work with Linux applications.