Windows Environment Variables Vulnerability

According to the vulnerability that has been released on 27th of June; attackers may maliciosly set environment variables on Windows due to unsanitized NUL values.

In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. Therefore a malicious environment variable value can exploit this to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D". (CVE-2022-41716)

Affected Systems

Configuration 1
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* Up to (excluding) 1.18.8
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* From (including) 1.19.0 Up to (excluding) 1.19.3
Running on/with
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

IoC’s

Current Security Vulnerability Reports

SolarWinds Serv-U Remote Code Execution Vulnerability

21/07/2021

Microsoft Exchange Server Remote Code Execution Vulnerability-34473

21/07/2021

Microsoft Exchange Server Remote Code Execution Vulnerability-31206

21/07/2021

VMware VCenter Remote Code Execution Vulnerability

26/05/2021

Microsoft Exchange Server Remote Code Execution Vulnerabilities

14/04/2021

March 2021 Microsoft Exchange 0-Day Reports

03/03/2021

Spectre Vulnerability Exploitation

03/03/2021

Masslogger Phishing Campaign

19/02/2021

SolarWinds: Raindrop Malware

20/01/2021

SolarWinds Orion API Authentication Bypass Vulnerability

28/12/2020

SolarWinds Sunburst Attack Campaign

22/12/2020

StrongPity Watering Hole

07/07/2020

Microsoft SMBv3 Compression Vulnerability

11/03/2020

Critical Microsoft Vulnerability – March 2020

11/03/2020

MS Exchange Validation Key Remote Code Execution Vulnerability

28/02/2020

Windows Environment Variables Vulnerability