L

ast week, Microsoft started rolling out its latest Windows 10 Anniversary Update . Out of the many new features that came with the update, the ability to run Bash on Ubuntu on Windows 10 was liked by many. The update includes a Linux subsystem that allows a developer to run his/her favorite Ubuntu tools on a Windows machine.

This Linux subsystem is reportedly creating new security risks for Windows 10 users. Security company CrowdStrike’s chief architect Alex Ionescu has noted that the Linux subsystem increases the attack surface by gaining complete access to the raw hardware.

This increased risk could be attributed to the fact that Linux on Windows 10 doesn’t run inside a Hyper-V hypervisor. Thus, due to the absence of some isolation, the Windows file system is also mapped to the Linux port, sharing the complete files and directories.

Imagine a risky situation where a hacker manages to inject notorious code in some Linux application. In such condition, your double-edged Linux subsystem will let the hacker view all files and folders of your primary Windows system by calling Windows APIs.

As reported by eWeek, Ionescu said that he has informed Microsoft about the issue in beta phase and some of them have already been fixed. However, some problems are still arising because of the compatibility issues.

“In some case, the Linux environment running in Windows is less secure because of compatibility issues. There are a number of ways that Windows applications could inject code, modify memory and add new threats to a Linux application running on Windows.”

— Ionescu said