
15-year-old bug allows malicious code execution in all versions of Windows


Jasper_The_Rasper
Moderator

Windows admins: Patch now, unless you run 2003, in which case you're out of luck.

by Dan Goodin - Feb 10 2015
 
Microsoft just patched a 15-year-old bug that in some cases allows attackers to take complete control of PCs running all supported versions of Windows. The critical vulnerability will remain unpatched in Windows Server 2003, leaving that version wide open for the remaining five months Microsoft pledged to continue supporting it.
 
Full Article

2 replies

Jasper_The_Rasper
Moderator
10 Feb 2015 at 09:04, Gavin Clarke
 
 
Upgraded your Windows Server 2003 yet? Don’t worry, you’re not alone.
Gartner reckons there are eight million Windows Server 2003 OS instances in operation, and SI Avanade reckons that of those instances, a full 20 per cent – 1.6 million – will blow past the 14 July end-of-support date.
What happens six months from now, on 14 July? That's the date Microsoft issues its last security fix ever for Windows Server 2003 – the end of extended support from the server operating system's maker.
That means any new hacks built or vulnerabilities discovered in Windows Server 2003 and those running the legacy server OS will be facing them on their own.
 
Full Article

  • Community Guide
  • 5988 replies
  • February 12, 2015
By Lucian Constantin
 

The design flaw took more than a year to patch and even then Windows Server 2003 was left out.

 
Microsoft patched a critical vulnerability Tuesday that put Windows computers at risk of full compromise, especially those in corporate networks.
Developing and testing a patch for the flaw, dubbed JASBUG, took over a year and required additional hardening of Group Policy, the feature that organizations use to centrally manage Windows systems, applications, and user settings in Active Directory environments.
The vulnerability is a fundamental design flaw in Group Policy that remained undiscovered for at least a decade, according to security consulting firm JAS Global Advisors, which found the flaw together with another security company called simMachines. They reported it to Microsoft in January 2014.
 
full article
