Skip to main content

15-Year-Old JasBug Vulnerability Affects All Versions of Microsoft Windows

Microsoft just issued a critical patch to fix a 15-year-old vulnerability that could be exploited by hackers to remotely hijack users’ PCs running all supported versions of Windows operating system.

The critical vulnerability — named "JASBUG" by the researcher who reported the flaw — is due to a flaw in the fundamental design of Windows that took Microsoft more than 12 months to release a fix. However, the flaw is still unpatched in Windows Server 2003, leaving the version wide open to the hackers for the remaining five months.

The vulnerability (CVE-2015-0008) could allow an attacker to easily hijack a domain-configured Windows system if it is connected to a malicious network – wirelessly or wired, giving attacker consent to do various tasks including, to go forth and install programs; delete, alter or peruse users' data; or to create new accounts with full user rights.

However, Jasbug vulnerability do not affects home users because they are not usually domain-configured, but the bug is a massive discomfort for IT pros who typically connect to business, corporate, or government networks using the Active Directory service.

The vulnerability, classified as MS15-011, allows hackers who are in a position to monitor traffic passing between the user and the Active Directory network to launch a Man-in-the-Middle (MitM) attack in order to execute malicious code on vulnerable systems.

  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows RT
  • Windows 8.1
  • Windows RT 8.1
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
Microsoft, on its blog post, provided the following example of how a malicious hacker could exploit the Jasbug vulnerability on a machine connected over open Wi-Fi at a coffee shop:
  • This is an example of a ‘coffee shop’ attack scenario, where an attacker would attempt to make changes to a shared network switch in a public place and can direct the client traffic an attacker-controlled system.
  • In this scenario, the attacker has observed traffic across the switch and found that a specific machine is attempting to download a file located at the UNC path: \\\Share\Login.bat .
  • On the attacker machine, a share is set up that exactly matches the UNC path of the file requested by the victim: \\*\Share\Login.bat.
    • The attacker will have crafted the contents of Login.bat to execute arbitrary, malicious code on the target system. Depending on the service requesting Login.bat, this could be executed as the local user or as the SYSTEM account on the victim’s machine.
  • The attacker then modifies the ARP table in the local switch to ensure that traffic intended for the target server is now routed through to the attacker’s machine.
  • When the victim’s machine next requests the file, the attacker’s machine will return the malicious version of Login.bat. This scenario also illustrates that this attack cannot be used broadly across the internet – an attacker need to target a specific system or group of systems that request files with this unique UNC.
In addition to Jasbug vulnerability, Microsoft released two other security updates that are rated critical, both with the potential to allow remote code execution on a vulnerable machine.
  1. MS15-009: The update patches 41 reported vulnerabilities, one publicly disclosed flaw and 40 privately reported vulnerabilities, in Internet Explorer affecting all versions of the browser from version 6 and above on all operating systems.
  2. MS15-010: This security update patches six vulnerabilities, one publicly disclosed flaw and remaining reported privately, in Windows 7 and above, and server software after Windows Server 2008 R2 and later editions. The vulnerabilities are due to the way a Windows kernel-level component handles TrueType fonts.
The remaining six patches in Microsoft's February Patch update are all rated "important" by Redmond. Two vulnerabilities in Microsoft Office could allow RCE and security feature bypass, and bugs in Windows that could allow elevation of privilege, security feature bypass and information disclosure. Also a vulnerability in Virtual Machine Manager (VMM) could give an attacker elevated privileges


Popular posts from this blog

Here Are 7 Brilliant Cheat Sheets For Linux/Unix

There's nothing better than a cheatsheet when you are stuck and need a reference. So here bringing to you 7 brilliant free cheat sheets. 

1. Unix Tool Box: An incredibly exhaustive reference for all things Linux. This document is a collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users.

2. One page Linux Manual: Great one page reference to the most popular Linux commands, it is a summary of useful Linux commands.

3. Linux Reference Card: One great reference published by FOSSwire.

4. Linux Command Line Cheat Sheet: This is an interestingly sorted and helpful cheat sheet by cheatography.

5. Linux Command Line Tips: This is a linux command line reference for common operations. Cleanly sorted and well described.

6. Treebeard’s Unix Cheat Sheet: A great reference that shows command comparisons with that of DOS. So if you are someone who was a DOS user and has switched to Linux, this is the best one too have!

7. Linux Shortcuts and Commands:…

WhatsApp is illegal, will soon banned in India : Government

WhatsApp could have accidentally entered into troubled waters here in India by enabling its end-to-end encryption for all. The new security feature by WhatsApp is not what is required by the Indian telecom rules and WhatsApp could face a ban, if the rules are not adhered to. But not yet.
In India, companies need to follow the country’s rules and adhere to specific types of encryption, which WhatsApp does not currently use. WhatsApp’s end-to-end encryption on its chat service means that WhatsApp or anyone else won’t be able to crack open its contents.  Only the sender and the recipient are able to read the encrypted data. WhatsApp uses a 256-bit key for encryption of all chat messages, which is only known to the sender and the recipient.
Why is it not possible for WhatsApp to help decrypt users’ messages? "No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us," WhatsApp founders Jan Koum and Brian Acton wrote on their blog. How…

3 Mega Acquisitions in last week affects the Internet Space of India

Qihoo 360 buys Opera in $1.2 Billion Opera Software intends to accept a $1.2 billion acquisition offer from a group of Chinese companies. The Chinese consortium includes Internet security company Qihoo 360, Internet firm Beijing Kunlun (which invested roughly$93 millioninto Grindr earlier in the year) and investment group Golden Brick and Yonglian. According to Opera, the $1.2 billion is a 56 percent premium over Opera's share price during the last 30 trading days. Despiteclaiming350 million users, the company's browser has struggled in the oversaturated Western market. China could be a profitable arena for Opera, in part because Google's Chrome browserdoes not come preinstalled on Android phones in China like it does elsewhere. In addition, doing business in China without local partners is nigh impossible, but Opera could leverage the networks of Kunlun and Qihoo 360 if the deal goes through.

Snapdeal Buys Freecharge in $400Million e-commerce marketplace Snapdeal has acquired …