MS14-019 – Fixing a binary hijacking via .cmd or .bat file

Command (.cmd) and batch (.bat) files can be directly provided as input to the CreateProcess as if it is an executable. CreateProcess uses the cmd.exe automatically to run the input .cmd or .bat.   Today, with the bulletin MS14-019 we are fixing a vulnerability, where in particular scenario it is possible to hijack the cmd.exe …

MS14-019 – Fixing a binary hijacking via .cmd or .bat file Read More »