Rust on Windows 11, is used to distribute the P2PInfect worm

Many were excited when Microsoft first revealed that it was adding Rust to the core of Windows 11. This was back in April at the BlueHat IL 2023 conference and around a month later on May 11, the company announced that Rust was now in core Windows 11 Insider builds.

cloud 21 illustration green

Microsoft's David Weston, Vice President, Enterprise and OS Security, explained that the reason for adding Rust was to improve the security of Windows 11's memory system, as Rust is considered a safer programming language for memory.

But security researchers at Palo Alto Networks discovered a new peer-to-peer (P2P) worm, called P2PInfect. It is written in Rust and affects both Windows and Redis (Remote Dictionary Server) servers running on Linux. The worm exploits the Lua Sandbox Escape vulnerability which is monitored according to the CVE-2022-0543 from 2022. The vulnerability could lead to remote code execution (RCE).

The P2PInfect worm infects a Redis vulnerability by exploiting the Lua sandbox evasion vulnerability, CVE-2022-0543.

Although the vulnerability was disclosed in 2022, its scope is not fully known at this time.

screenshot 2023 07 22 06 27 41

However, it has been rated in the NIST National Vulnerability Database with a Critical CVSS score of 10,0. P2PInfect exploits Redis servers running on both Linux and Windows operating systems.

You can find more technical details about P2PInfect at Palo Alto website.

Get the best viral stories straight into your inbox!















P2PInfect

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).