
JASBUG

Posted: February 27, 2015

Threat Metric

Threat Level: 1/10
Infected PCs: 12
First Seen: February 27, 2015
OS(es) Affected: Windows

JASBUG is a Windows security vulnerability that may allow remote attackers to tamper with the data that some types of Group Policy users receive and apply. Although Microsoft has privately known of JASBUG since early 2014, and JASBUG has been present for notably longer than that, difficulties in patching it left JASBUG unpatched until the next year. JASBUG offers security holes equivalent to those of a backdoor Trojan's attack, allowing remote access to your PC and control over it. Consequently, malware experts recommend that all vulnerable Windows users install the patch for JASBUG immediately.

JASBUG: the Decade-Old Chink in Microsoft's Armor

JASBUG (or, by its official designation from Microsoft, CVE-2015-0008) is, like many vulnerabilities of note, a flaw that allows third parties to execute arbitrary code remotely. Although JASBUG's NVD listing seems to imply that this bug is recent, other sources have verified that JASBUG exists in various versions of Windows from the past ten years. Microsoft was officially alerted to JASBUG in the previous year, but was only able to provide a patch for JASBUG early in 2015.

A lack of client-to-server authentication allows JASBUG to be exploited by spoofing the UNC data used in legitimate Group Policy operations. Vulnerable versions of Windows include Windows Server 2003, Vista, Server 2008, Windows 7, Windows 8, 8.1, and Server 2012 Gold. Microsoft has classified JASBUG as 'critical,' the highest warning label appropriate for a security flaw.

Despite the wide-ranging nature of JASBUG, only PCs using a corporate Active Directory may be attacked through JASBUG. Remote attackers may use JASBUG to gain typical backdoor access to a machine, including access to admin-only privileges. Devices using 'roaming' access to corporate networks, such as the access points found in coffee shops or hotels, may be particularly likely to be targeted.

Putting an End to a Bug in Your Network Bonnet

Network administrators and other relevant security personnel should familiarize themselves with the new 'Hardened Access' Windows feature, which Microsoft has provided explicitly to counter the authentication vulnerability of JASBUG. Users of unpatched Windows systems should also take into account the increased risk of JASBUG attacks from unsafe networks. A VPN (Virtual Private Network) setup is one traditional method of protecting network users from similar, remote attacks.
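One way to audit whether the hardened-path policy is actually configured on a patched host, as an added example that is not part of the original article: installing the update does not by itself harden any path, so the check reads the policy entries and reports which ones demand both mutual authentication and integrity. It assumes the policy is stored as string values under the registry key used by the 'Hardened UNC Paths' Group Policy setting and that SYSVOL and NETLOGON are the shares of interest; the function names are hypothetical.

```powershell
# Added example; function names are hypothetical. Assumes one string value per UNC pattern.
$HardenedPathsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
function Get-HardenedPathsPolicy {
    # Read the live policy into a hashtable: UNC pattern -> option string.
    $policy = @{}
    if (Test-Path -Path $HardenedPathsKey) {
        $key = Get-Item -Path $HardenedPathsKey
        foreach ($name in $key.GetValueNames()) { $policy[$name] = [string]$key.GetValue($name) }
    }
    return $policy
}

function ConvertFrom-HardenedPathValue {
    param([string]$Data)
    # 'RequireMutualAuthentication=1, RequireIntegrity=1' -> @{ name = $true/$false }
    $flags = @{}
    foreach ($pair in ($Data -split ',')) {
        $name, $value = $pair.Trim() -split '=', 2
        if ($name) { $flags[$name.Trim()] = ("$value".Trim() -eq '1') }
    }
    return $flags
}

function Test-HardenedPaths {
    param([hashtable]$Policy, [string[]]$Shares = @('SYSVOL', 'NETLOGON'))
    foreach ($share in $Shares) {
        # -like treats * as a wildcard, so this matches '\\*\SYSVOL' and '\\server\SYSVOL'.
        $entries = @($Policy.Keys | Where-Object { $_ -like "\\*\$share" })
        if ($entries.Count -eq 0) {
            [pscustomobject]@{ Share = $share; Pattern = '(none)'; MutualAuth = $false; Integrity = $false; Hardened = $false }
            continue
        }
        foreach ($pattern in $entries) {
            $f = ConvertFrom-HardenedPathValue -Data $Policy[$pattern]
            $mutual = [bool]$f['RequireMutualAuthentication']
            $integrity = [bool]$f['RequireIntegrity']
            [pscustomobject]@{ Share = $share; Pattern = $pattern; MutualAuth = $mutual
                               Integrity = $integrity; Hardened = ($mutual -and $integrity) }
        }
    }
}

# Constructed sample policy (not from a real host): SYSVOL lacks RequireIntegrity.
$sample = @{
    '\\*\NETLOGON' = 'RequireMutualAuthentication=1, RequireIntegrity=1'
    '\\*\SYSVOL'   = 'RequireMutualAuthentication=1'
}
Test-HardenedPaths -Policy $sample | Format-Table -AutoSize
# On a domain-joined host: Test-HardenedPaths -Policy (Get-HardenedPathsPolicy)
```

A share reported with `Pattern` set to `(none)` has no hardening entry at all, which is the state of a host that received the patch but no policy.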

Symptoms of JASBUG's exploitation of your machine may show up as unusual modifications to your system settings or network traffic. However, Trojans intended for corporate targets, such as those most likely to be affected by JASBUG, typically provide few or no visible symptoms. Since JASBUG's public disclosure could cause a corresponding rise in exploitation attempts, malware researchers advise Windows users to be diligent about patching their OS and using preventative security protocols.
