All Versions Of Windows Vulnerable To 15 Year Old Code Bug

A patch was issued yesterday by Microsoft that patches a 15 year old vulnerability. The bug allows hackers to gain complete control of the system and remains unpatched for Windows 2003 Server as well as Windows 8.1 and Windows Server 2012R2, .  Several researchers reported the bug in January of 2014.  It is not clear as to why it took 12 months to patch this critical vulnerability.

The vulnerability is called Jasbug and allows an attacker able to monitor a network the ability to get in between an active directory user and the active directory database. Technical details can be found on Microsoft Technet under security bulletin MS15-011 at https://technet.microsoft.com/library/security/MS15-011

There are additional details on MS15-011 and another vulnerability MS15-014 which allows for complete bypass of group policy security.  Details can be found on the Microsoft Security Research and Defense Blog at http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx

Microsoft has also created a support page for the MS15-011 patch with important technical information at:https://support.microsoft.com/kb/3000483

Post by Protocol 46