Which operating system was not directly affected by the Shellshock vulnerability?

Shellshock targets Bash, the Unix-like shell used by many systems such as Linux, macOS, and BSD. The flaw lies in how Bash processes environment variables that define functions; if an attacker can set such a variable right before Bash runs, they can trigger execution of arbitrary code. That’s why any system that runs a vulnerable Bash and passes environment variables to sub-processes could be compromised, especially in contexts like CGI scripts or remote services. Windows isn’t affected in the same way because it doesn’t ship with Bash as its default or primary shell. It uses cmd.exe or PowerShell, which don’t parse Bash function definitions in environment variables. So, by default, Windows is not directly affected. If Windows users install Bash through Cygwin or Windows Subsystem for Linux with a vulnerable Bash, that specific Bash environment could be at risk, but the Windows operating system itself isn’t the vulnerability.