JASBUG
Posted: February 27, 2015
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 1/10 |
---|---|
Infected PCs: | 12 |
First Seen: | February 27, 2015 |
---|---|
OS(es) Affected: | Windows |
JASBUG is a Windows security vulnerability that may allow remote attackers to modify the reception and application of data for some types of Group Policy users. Although Microsoft has privately known of JASBUG since early 2014, and JASBUG has been present for notably longer than that, difficulties in patching it led to JASBUG's being unpatched until the next year. JASBUG offers security holes equivalent to that of a backdoor Trojan's attack, allowing remote access to your PC and control over it. Subsequently, malware experts recommend that all vulnerable Windows users install the patch for JASBUG immediately.
JASBUG: the Decade-Old Chink in Microsoft's Armor
JASBUG (or, by its official designation from Microsoft, CVE-2015-0008) is, like many vulnerabilities of note, a flaw that allows third parties to implement the remote execution of arbitrary code. Although JASBUG's NVD listing seems to imply that this bug is recent, other sources have verified that JASBUG exists in various versions of Windows from the past ten years. Microsoft was officially alerted to JASBUG in the previous year, but only was able to provide a patch for JASBUG early in 2015.
A lack of client-to-server authentication allows JASBUG's exploitation via UNC data spoofing of legitimate Group Policy usages. Vulnerable versions of Windows include Windows Server 2003, Vista, Server 2008, Windows 7, Windows 8, 8.1, and Server 2012 Gold. Microsoft has classified JASBUG as 'critical,' the highest warning label appropriate for a security flaw.
Despite the wide-ranging nature of JASBUG, only PCs using a corporate Active Directory may be attacked through JASBUG. Remote attackers may use JASBUG to gain typical backdoor access to a machine, including access to admin-only privileges. Devices using 'roaming' access to corporate networks, such as the access points found in coffee shops or hotels, may be particularly likely to be targeted.
Putting an End to a Bug in Your Network Bonnet
Network administrators and other, relevant security personnel should familiarize themselves with the new 'Hardened Access' Windows feature, which Microsoft has provided explicitly to counter the authentication vulnerability of JASBUG. Unpatched Windows users also should take into account the increased risk of JASBUG attacks from unsafe networks. A VPN (Virtual Private Network) setup is one traditional method of protecting network users from similar, remote attacks.
Symptoms of JASBUG's exploitation of your machine may be evident in terms of unusual modifications to your system settings or network traffic. However, Trojans intended for corporate targets, such as those most likely to be affected by JASBUG, typically provide few or no visible symptoms. Since JASBUG's public disclosure could cause a corresponding rise in exploitation attempts, malware researchers advise Windows users to be diligent about patching their OS and using preventative security protocols.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.