Today's Patch Tuesday includes a patch for a serious vulnerability affecting core components of the Microsoft Windows operating system. All computers and devices that are members of a corporate Active Directory are affected. The bug was discovered by JAS Global Advisors, who named it "JASBUG".
The vulnerability is remotely exploitable and can be used to grant attackers administrator-level privileges on the targeted machine or device: tens of millions of PCs, kiosks and other devices, if left unpatched. The vulnerability was identified by Jeff Schmidt, founder of JAS Global Advisors, in 2014 while he was working on an engagement with ICANN, the organization governing the standards of the Internet. Jeff then worked with Microsoft for a year to create the patch released today.
JAS writes on its website, “all computers and devices that are members of a corporate Active Directory may be at risk. The vulnerability is remotely exploitable and may grant the attacker administrator level privileges on the target machine/device. Roaming machines — Active Directory member devices that connect to corporate networks via the public Internet (possibly over a Virtual Private Network (VPN)) — are at heightened risk.”
Microsoft has given this vulnerability the most serious rating (“Critical”) in its classification taxonomy. The issue is rated Critical because “exploitation could allow code execution without user interaction”.
Unlike recent high-profile vulnerabilities such as Heartbleed, Shellshock, Gotofail and POODLE, this is a design flaw rather than an implementation bug, which makes this type of vulnerability unusual and much harder to fix. The fix required Microsoft to re-engineer core components of the operating system and to add several new features.
The bug was discovered by JAS by applying big data analytics to very large datasets. According to JAS, “The analysis revealed unusual patterns in the datasets and focused additional expert inspection. The combination of sophisticated data analytics by simMachines and JAS’ technical security expertise revealed a fundamental design flaw that has remained elusive for at least a decade.”
Fixing the issue means not only applying the update but also configuring a new feature. JAS writes, “IT professionals administering Microsoft environments should immediately review the Microsoft documentation available at https://support.microsoft.com/kb/3000483. As remediation involves a new feature that must be configured on Active Directory Clients and Servers, it is important that systems administrators move rapidly but responsibly.”
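Because the fix is only complete once the new feature is configured, an administrator needs a way to verify that each domain member actually has it. The following PowerShell audit script is an added example written for this article; it is not code from JAS Global Advisors or Microsoft. It assumes the feature in KB3000483 is the "Hardened UNC Paths" policy, that the policy lands in the registry under `HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths`, and that the share entries and the `RequireMutualAuthentication=1, RequireIntegrity=1` value syntax are as the KB article describes; the function and parameter names are the example's own. It reports whether the SYSVOL and NETLOGON shares used for Group Policy are protected and, with `-Remediate`, writes the documented values directly (Group Policy is the preferred way to deploy them at scale).

```powershell
# Added audit script for the KB3000483 mitigation (not from the article or from JAS).
# Checks whether the Hardened UNC Paths policy is present on this machine and whether
# it covers the two Active Directory shares that Group Policy processing depends on.
# Registry location and value syntax are assumed from KB3000483.
param(
    [switch]$Remediate   # when set, write the documented values if they are missing or weak
)

$policyKey      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
$requiredShares = @('\\*\SYSVOL', '\\*\NETLOGON')
$hardenedValue  = 'RequireMutualAuthentication=1, RequireIntegrity=1'

function Test-HardenedUncSetting {
    param([string]$Setting)
    # A share is only fully protected when both flags are set to 1.
    # The value is a comma-separated list of Name=Value pairs.
    $flags = @{}
    foreach ($pair in ($Setting -split ',')) {
        $kv = $pair.Trim() -split '=', 2
        if ($kv.Count -eq 2) { $flags[$kv[0].Trim()] = $kv[1].Trim() }
    }
    return ($flags['RequireMutualAuthentication'] -eq '1' -and
            $flags['RequireIntegrity'] -eq '1')
}

if (-not (Test-Path $policyKey)) {
    if ($Remediate) {
        New-Item -Path $policyKey -Force | Out-Null
    } else {
        Write-Output "HardenedPaths policy key not found: the KB3000483 mitigation is not configured."
        exit 1
    }
}

$entries  = Get-ItemProperty -Path $policyKey
$problems = @()

foreach ($share in $requiredShares) {
    $prop = $entries.PSObject.Properties[$share]
    if ($null -eq $prop) {
        $problems += "$share (no entry)"
    } elseif (-not (Test-HardenedUncSetting $prop.Value)) {
        $problems += "$share (weak setting: $($prop.Value))"
    } else {
        Write-Output "OK: $share -> $($prop.Value)"
    }

    if ($Remediate -and ($null -eq $prop -or -not (Test-HardenedUncSetting $prop.Value))) {
        # Direct registry write of the documented value; a GPO is preferred for fleets.
        New-ItemProperty -Path $policyKey -Name $share -PropertyType String `
                         -Value $hardenedValue -Force | Out-Null
        Write-Output "Remediated: $share -> $hardenedValue"
    }
}

if ($problems.Count -gt 0 -and -not $Remediate) {
    Write-Output "Unprotected shares:"
    $problems | ForEach-Object { Write-Output "  $_" }
    exit 1
}
Write-Output "Both Active Directory shares require mutual authentication and integrity."
```

Run it without arguments in an elevated session on a sample of domain members to measure rollout; a non-zero exit code makes it easy to feed into a configuration-compliance job. The audit is deliberately strict: an entry that sets only one of the two flags is reported as weak, since mutual authentication without integrity (or the reverse) does not give the protection the KB article describes.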