The Shellshock vulnerability is a big problem for Mac OS X, some Linux distributions and many other Unix-like operating systems, but at least Windows machines are safe — mostly. Although Shellshock exploits a weakness in the Bash shell, which can be used to process commands in Unix-like software, researchers have discovered how to apply the same basic logic to Microsoft Windows, complete with potential malware.
The research comes from The Security Factory, an online-security company based in Schelle, Belgium. The demonstration is complicated, even by command-prompt standards, but shows how an extremely clever, persistent hacker could theoretically seed malware in Windows using the same logic that fuels the Shellshock flaw.
Shellshock is dangerous because, in simple terms, it lets users run arbitrary code in the Bash shell, or command-line environment. (Bash is the most widely used of half a dozen major Unix shells.)
Arbitrary code, as its name suggests, can be anything at all. A remote attacker taking advantage of your command to type "Hello world!" might not sound very threatening, but arbitrary code can also run scripts to download and execute malicious programs.
If you're curious to find out exactly how the Windows exploit could work, it's best to check out TSF's very detailed explanation, as it gets deep into the weeds. The short version is that by "echoing" a command in the Windows command prompt, it's possible to fool a computer into thinking that you have access to Folder B when you really have access to Folder A.
This kind of intrusion is actually fairly harmless to everyday PCs, since even if a hacker could get access to your command prompt, planting and executing a file is much harder than simply accessing a folder's contents. However, TSF theorizes that a really dedicated hacker with access to a file server could cause some serious mischief.
For its own part, Microsoft is aware of the vulnerability, but has elected to not address it. A Microsoft representative replied to TSF — correctly — that putting quotation marks around the part of code that allows the exploit to happen can effectively prevent it. The problem is that Microsoft does not advise this course of action directly in any of its how-to scripting support posts.
The bottom line is that while a very enterprising malefactor could use Shellshock's tricks to affect a Windows system, system administrators can take prophylactic measures against it, and everyday users don't have to worry about it. With fixes for the various affected Unix-like operating systems already being deployed as well, Shellshock's potential impact should continue to diminish over time.