The Windows 7 and 8 vulnerability you need to know about
Windows 7 and 8 have a vulnerability that could leave users open to a hacking attack that would go unnoticed by them or any antivirus they have installed.
However, this particular vulnerability isn’t a “bug” in the traditional sense, but a power-user feature, known as PowerShell 2, that can be exploited by canny hackers.
PowerShell 2 is a command shell that has come preinstalled with every version of Windows since Windows 7, including Windows 10. It allows certain processes to be automated and scripts to be run, which is particularly handy for system administrators.
However, as it’s on by default in Windows 8 and 8.1, and most people don’t realise this, it also presents a handy vector through which hackers can attack your system and go undetected using a Cross-Site Scripting (XSS) attack.
At the simplest level, XSS attacks can be used to steal data such as login credentials, for example by showing an iframe pop-up claiming a user’s session has timed out and they need to log back in.
At a more advanced level, they can be used to put malware onto the victim’s computer that can log keystrokes or turn on peripherals like their microphone or webcam, by convincing them to download a harmful file disguised as an essential one.
While all this is possible without needing to access PowerShell, access to the command terminal can make attacks even more potent.
“When the pop-ups are sent, the JavaScript calls the PowerShell executable in a hidden way, using inline expression (IEX),” Michele Orru, a penetration tester at security firm Trustwave, said.
“With this [the hacker] can start PowerShell and … send function calls to download the payload from a malicious URL. This is all done in memory – nothing touches the disk – which makes it very unlikely an antivirus would catch it,” said Orru.
The potential is then there for hackers to download and upload files at will, without the user or their anti-malware realising it’s happening.
“You could do something similar in Visual Basic in the past, but you had to touch the disk, so it would be caught,” he added.
How to protect yourself
The good news is there are ways to protect yourself against this kind of attack if you don’t use PowerShell – and no, reverting back to Windows XP isn’t one of them.
In Windows 7, PowerShell 2’s administrative rights are turned off by default, and you have to choose to enable them, so most users should be safe. If PowerShell unexpectedly asks you for permission to make changes to the computer it could be a sign of a hacking attempt and, as with other programs, you should reject it.
In Windows 8, however, PowerShell is on by default. To disable it, go to the Control Panel and select Programs and Features. Click on Turn Windows features on or off and, when the dialogue box appears, scroll down to the folder labelled Windows PowerShell 2.0 and un-tick it to disable. To re-enable it, simply re-tick the box.
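The same Windows 8 change can be scripted for administrators who look after more than one machine. The script below is an added example, not part of the original article: it assumes an elevated PowerShell prompt on Windows 8 or later, where the DISM cmdlets are available, and the function name Disable-PowerShellV2 is made up for illustration.

```powershell
# Added example: report and disable the "Windows PowerShell 2.0" optional feature.
# Assumes Windows 8 or later with the DISM cmdlets; Disable-PowerShellV2 is a
# hypothetical helper name, not a built-in command.
function Disable-PowerShellV2 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Changing optional features requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell prompt.'
    }

    # The DISM cmdlets are not available on every Windows release.
    if (-not (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue)) {
        throw 'Get-WindowsOptionalFeature is not available on this system.'
    }

    # Parent entry ("Windows PowerShell 2.0") and its child engine entry.
    $names = 'MicrosoftWindowsPowerShellV2Root', 'MicrosoftWindowsPowerShellV2'

    foreach ($name in $names) {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction SilentlyContinue
        if (-not $feature) {
            Write-Output "${name}: not present on this system"
            continue
        }

        Write-Output "${name}: $($feature.State)"

        # Only act on features that are currently enabled; -WhatIf skips the change.
        if ($feature.State -eq 'Enabled' -and $PSCmdlet.ShouldProcess($name, 'Disable optional feature')) {
            Disable-WindowsOptionalFeature -Online -FeatureName $name -NoRestart | Out-Null
            Write-Output "${name}: disabled"
        }
    }
}

# Report the current state without changing anything.
Disable-PowerShellV2 -WhatIf

# Remove -WhatIf to apply the change:
# Disable-PowerShellV2
```

To reverse the change from the command line, Enable-WindowsOptionalFeature takes the same -Online and -FeatureName parameters.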
As Windows 10 is still in Technical Preview, we can’t give details right now on whether PowerShell 2 is on by default or not, but we will update our advice once the full consumer version is available.