By GoldSparrow in Malware

JASBUG is a recently fixed bug that represents a severe security risk in the Windows Group Policy components. It has taken Microsoft about a year to fix this problem, with a patch in the most recent Windows updates. JASBUG is a severe vulnerability in Group Policy that may affect all computers using the Windows operating system and connected to a corporate Active Directory. Since JASBUG may affect all versions of Windows, the potential damage from exploits involving JASBUG could affect countless computers around the world. JASBUG receives its name because it was discovered and disclosed by JAS Global Advisors, who provide security advice and solutions.

Tracing the Origins of JASBUG

JASBUG was discovered during research involving name collisions on commercial domains using .com and other top-level domains. JASBUG was first reported to Microsoft about one year ago, in January 2014, but its presence was not made public until a patch was available, so that the threat would not become known to third parties and threat developers. The main issue with JASBUG is that it is a problem in design rather than implementation, which makes solving it a more difficult task. Microsoft was forced to make several important changes to the Windows operating system core components as well as implement new features in its products, all of which took a year to carry out. If JASBUG had been made public, third parties would have been able to exploit it during that year in order to collect data and execute threatening code on affected computers.

How Third Parties can Use the JASBUG Security Vulnerability

Using JASBUG, a hacker would be able to manipulate how Group Policy handles policy data. JASBUG is identified as CVE-2014-0008 and can be used by a remote party to take over an affected computer and run threatening code on it. JASBUG would give an attacker full user rights, allowing them to create accounts, modify or delete data, or install other programs (such as keyloggers, banking Trojans or other forms of malware). JASBUG is a significant discovery since it is present in the core components of Windows. That means that, in theory, the Windows operating system has been vulnerable to JASBUG attacks since at least 2004.

Administrators use domain controllers to manage large numbers of computers. Domain controllers are servers that communicate with these computers over the Internet or a VPN when the computers are not on the local network. This is common in many business networks where employees are provided with devices that comply with the business's security standards. Domain controllers hold Group Policy settings, which are enforced on the joined systems and override local configuration. In other words, all of these settings are centralized and controlled from a single source. JASBUG allows a third party to convince a user whose computer has been configured for the domain to connect to a network that is controlled by the attacker. The attacker then takes advantage of how Group Policy manages policy data when the connection between the domain controller and the domain-joined computer occurs. Computers that connect using public Internet connections rather than secure VPN services are at the highest risk of exposure to these kinds of attacks.

A third party could cause Group Policy to run threatening scripts or programs by spoofing legitimate security policies and scripts. To prevent this from happening, Microsoft has now added a new Windows feature, UNC Hardened Access, which can be configured to make these connections safer and eliminate the JASBUG threat. Installing the latest security patches can prevent JASBUG attacks. Administrators are also encouraged to read the latest documentation on this new Windows feature and the new security measures. Microsoft and JAS are not releasing full reports on JASBUG until adequate protection has been provided for most computer users.
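Because UNC Hardened Access only helps once it is configured, the following added example (not from the original article) audits whether a machine has the "Hardened UNC Paths" policy set for the shares that carry Group Policy data and logon scripts. The registry location, the `\\*\SYSVOL` and `\\*\NETLOGON` patterns and the flag names are taken from Microsoft's documentation of the setting rather than from this page; treating those two wildcard entries as the required baseline is an assumption.

```powershell
# Added example: audit the explicit "Hardened UNC Paths" policy on this machine.
# Registry location used by the policy (Microsoft-documented, not from the article).
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

# Assumed baseline: wildcard entries for the shares that deliver policy and scripts.
$requiredPaths = '\\*\SYSVOL', '\\*\NETLOGON'
$requiredFlags = 'RequireMutualAuthentication', 'RequireIntegrity'

function ConvertTo-FlagTable([string]$Data) {
    # Value data looks like "RequireMutualAuthentication=1, RequireIntegrity=1".
    $table = @{}
    foreach ($pair in $Data -split ',') {
        $name, $value = $pair.Trim() -split '=', 2
        if ($name) { $table[$name.Trim()] = "$value".Trim() }
    }
    return $table
}

# Read value names literally: they contain '\' and '*', which must not be
# interpreted as provider wildcards.
$configured = @{}
$item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
if ($item) {
    foreach ($n in $item.GetValueNames()) {
        $configured[$n] = [string]$item.GetValue($n)
    }
}

$results = foreach ($path in $requiredPaths) {
    $flags = if ($configured.ContainsKey($path)) {
        ConvertTo-FlagTable $configured[$path]
    } else { @{} }
    # A flag counts only when it is present and set to 1.
    $missing = @($requiredFlags | Where-Object { $flags[$_] -ne '1' })
    [pscustomobject]@{
        Path         = $path
        PolicySet    = $configured.ContainsKey($path)
        MissingFlags = $missing -join ', '
        Hardened     = ($missing.Count -eq 0)
    }
}

$results | Format-Table -AutoSize
# Non-zero exit code lets a compliance job flag machines lacking the policy.
if ($results.Hardened -contains $false) { exit 1 }
```

The script reports only the explicitly configured policy; entries that name specific servers instead of the `\\*\` wildcard are not matched and need to be reviewed by hand.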

