Filename-handling slip let attackers evade FireEye analysis

Researchers at Blue Frost Security have disclosed a bug that let them evade FireEye's analysis engine, getting a short-lived but dangerous way to whitelist malware. The issue, for which FireEye has issued a patch, is that the analysis engine doesn't properly sanitise filename inputs given to its Windows batch script. As Blue …

  1. Anonymous Coward

    The batch script continues

    Wtf.

    Does WNT's COPY (or a suitable homegrown substitute) not have some kind of completion status that might perhaps have been checked in the script to make sure that what had happened was what was hoped for?

    What kind of organisation lets people write this kind of rubbish?

    Yet more proof that WNT wasn't, isn't, and never will be VMS++.

    1. Crazy Operations Guy

      Re: The batch script continues

      And welcome to why PowerShell exists. The scripting capabilities are far, far superior and would easily prevent something like this from happening. Hell, VisualBasic would've been able to prevent this...
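
The completion-status check the first comment asks about, written as an added PowerShell example (not FireEye's script and not code from the article). `Copy-SampleToStaging`, its result fields and the staging layout are hypothetical; the point is that the submitted filename never shapes the destination path and a failed copy ends in an error result instead of letting the pipeline carry on.

```powershell
# Added example: hypothetical staging step for a file-analysis pipeline.
# Function name, result fields and directory layout are assumptions.
Set-StrictMode -Version Latest

function Copy-SampleToStaging {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SourcePath,       # submitted file; its name is untrusted
        [Parameter(Mandatory)] [string] $StagingDirectory  # analysis working directory
    )

    # Never build the destination from the submitted name: generate one instead.
    $name = 'sample_{0}.bin' -f [guid]::NewGuid().ToString('N')
    $destination = Join-Path -Path $StagingDirectory -ChildPath $name

    try {
        # -LiteralPath: characters such as [ ] * ? in the name are not treated as wildcards.
        # -ErrorAction Stop: a failed step becomes a terminating error the catch block sees.
        $expected = (Get-FileHash -LiteralPath $SourcePath -Algorithm SHA256 -ErrorAction Stop).Hash
        Copy-Item -LiteralPath $SourcePath -Destination $destination -ErrorAction Stop
        $actual = (Get-FileHash -LiteralPath $destination -Algorithm SHA256 -ErrorAction Stop).Hash
        if ($actual -ne $expected) { throw 'Staged copy does not match the submitted file.' }

        [pscustomobject]@{ Status = 'Staged'; Path = $destination; Sha256 = $actual; Error = $null }
    }
    catch {
        # Fail closed: the caller reports an analysis error, never a clean verdict.
        [pscustomobject]@{ Status = 'StagingFailed'; Path = $null; Sha256 = $null; Error = $_.Exception.Message }
    }
}

# Constructed demo input: one ordinary file with an awkward name, one path that does not exist.
$work = Join-Path ([IO.Path]::GetTempPath()) ('stage_demo_{0}' -f [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $work | Out-Null
$good = Join-Path $work 'report [final].doc'
[IO.File]::WriteAllText($good, 'constructed sample content')

foreach ($candidate in @($good, (Join-Path $work 'missing.bin'))) {
    $result = Copy-SampleToStaging -SourcePath $candidate -StagingDirectory $work
    if ($result.Status -ne 'Staged') {
        Write-Output "ERROR  $candidate : $($result.Error) (no verdict issued)"
        continue
    }
    Write-Output "STAGED $candidate -> $($result.Path)"
}
Remove-Item -LiteralPath $work -Recurse -Force
```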
