Many were excited when Microsoft first revealed that it was adding Rust to the core of Windows 11. This was back in April at the BlueHat IL 2023 conference and around a month later on May 11, the company announced that Rust was now in core Windows 11 Insider builds.
Microsoft's David Weston, Vice President, Enterprise and OS Security, explained that the reason for adding Rust was to improve the security of Windows 11's memory system, as Rust is considered a safer programming language for memory.
But security researchers at Palo Alto Networks discovered a new peer-to-peer (P2P) worm, called P2PInfect. It is written in Rust and affects both Windows and Redis (Remote Dictionary Server) servers running on Linux. The worm exploits the Lua Sandbox Escape vulnerability which is monitored according to the CVE-2022-0543 from 2022. The vulnerability could lead to remote code execution (RCE).
The P2PInfect worm infects a Redis vulnerability by exploiting the Lua sandbox evasion vulnerability, CVE-2022-0543.
Although the vulnerability was disclosed in 2022, its scope is not fully known at this time.
However, it has been rated in the NIST National Vulnerability Database with a Critical CVSS score of 10,0. P2PInfect exploits Redis servers running on both Linux and Windows operating systems.
You can find more technical details about P2PInfect at Palo Alto website.