Sudos and Sudon’ts: Peering inside Sudo for Windows
Michael Torres
DEF CON 32 Main Stage · Day 1
Michael Torres's DEF CON 32 presentation, "Sudos and Sudon’ts: Peering inside Sudo for Windows," delves into the security implications of Microsoft's new Sudo for Windows utility. This tool, slated for release in the Windows 11 H2 update, aims to bring the familiar Linux `sudo` experience—allowing users to run commands with elevated privileges while maintaining standard input/output redirection—to the Windows command line. Torres, an Operational Technology Security expert at Google and a cyber specialist with the US Marine Corps Reserve, conducted extensive research on early preview versions of Sudo for Windows, uncovering several vulnerabilities and design quirks.
AI review
This talk delivers a brutally honest and technically profound dissection of Microsoft's new Sudo for Windows utility. Torres conducted original, deep-dive research into a foundational operating system component, uncovering multiple critical vulnerabilities, including memory corruption in Rust, cross-user code execution via ALPC, and data tampering. His work provides invaluable, actionable insights for both administrators and security researchers, challenging assumptions about memory-safe languages and exposing the real-world implications of subtle design flaws in critical system software…