This article originally appeared at The WHIR
Microsoft has issued updates that address a critical vulnerability known as “JASBUG” that affects all current versions of Windows and allows an attacker to take complete control of an affected system.
JASBUG is a flaw in how Group Policy receives and applies policy data when a domain-joined Windows clients or server connects to a domain controller.
To exploit it, the attacker has to convince a victim with a domain-configured system to connect to a network controlled by the attacker. This allows them to take complete control of an affected system – letting them install programs, view, change, or delete data, and create new accounts with full user rights.
Microsoft, released technical patches as a part of its “Patch Tuesday” release on 10 February 2015.
JAS Global Advisors LLC (JAS) and simMachines uncovered the vulnerability while research potential technical issues relating to the rollout of new Generic Top Level Domains (New gTLDs) on behalf of ICANN. It is especially interesting to note that JASBUG does not directly relate to ICANN’s New gTLD Program nor to new TLDs in general.
JAS said the vulnerability was found “by applying ‘big data’ analytical techniques to very large (and relatively obscure) technical datasets,” which revealed unusual patterns. Data analytics from simMachines and JAS’ technical security expertise helped shed light on a fundamental design flaw that has been present in Windows systems for at least a decade.
JAS notes that devices outside of enterprise networks known as “roaming machines” could be especially vulnerable. “Roaming machines – domain-joined Windows devices that connect to corporate networks via the public Internet (e.g. from hotels and coffee shops) – are at heightened risk.”
Microsoft said the security update is “Critical” – the company’s most severe rating – for Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.
Microsoft’s security updates address the vulnerability by improving how domain-configured systems connect to domain controllers prior to Group Policy accepting configuration data.
Microsoft, however, notes that it is not issuing a patch for Windows Server 2003, which it says doesn’t have the proper architecture to support the fix, and that building the fix for Windows Server 2003 would require re-architecting a very significant amount of the core operating system, which isn’t feasible.
JAS mentions that JASBUG is a design problem not an implementation problem like what was found in vulnerabilities like Heartbleed, Shellshock, Gotofail, and POODLE. And this required Microsoft to re-engineer core components of its operating systems, with special attention to backwards compatibility and supported configurations, requiring added care and extensive regression testing on the part of Microsoft.
Systems administrators responsible for administering Microsoft environments should immediately review the Microsoft documentation.
This article originally appeared at: http://www.thewhir.com/web-hosting-news/micrsoft-issues-security-updates-addressing-jasbug-vulnerability-windows
