A critical new vulnerability affecting the most recent versions of Windows will require active intervention from systems administrators, who will need to reconfigure the operating system in addition to applying a patch.
The Microsoft Windows Group Policy Remote Code Execution Vulnerability (CVE-2015-0008) primarily affects corporate users, since it impacts computers that are members of an Active Directory domain. Most home users will be unaffected, since their computers are usually not configured in this way.
Nicknamed “JASBUG” following its discovery by JAS Global Advisors, the vulnerability could allow an attacker to gain control of a domain-configured computer if they convince the victim to connect to an attacker-controlled network. If an attacker gained access to a victim’s computer in this way, they would be able to remotely execute code, allowing them to potentially steal data or install malware on the computer.
The vulnerability affects Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, and Windows RT 8.1. Microsoft has already issued a Security Bulletin and patch for the issue. The vulnerability also affects Windows Server 2003, but no patch will be released. Microsoft said it would be infeasible to build the fix for this version. Windows XP and Windows 2000 are also affected, but these operating systems are no longer supported by Microsoft.
The vulnerability had not been publicly disclosed prior to patching, and Microsoft has said that it has found no evidence of it being exploited in the wild.
Unlike many vulnerabilities, addressing this issue required the creation of a number of new Windows features, and Microsoft has said that, in order to protect affected computers, additional configuration by a systems administrator is required in addition to deploying the patch. Guidance on that configuration is provided in Microsoft Knowledge Base Article 3000483.
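Because the patch alone does not protect a domain member, an administrator needs a way to confirm that both the update and the required configuration are in place. The following audit script is an added example and is not from the original article or from Microsoft; it assumes the registry location (HardenedPaths under NetworkProvider) and the value names and settings described in KB3000483, and it checks only, changing nothing.

```powershell
# Audit a domain member for the MS15-011 (CVE-2015-0008) mitigation state.
# Assumption: the hardened UNC path policy is stored where KB3000483 documents it.
$hardenedPathsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
$requiredPaths    = @('\\*\SYSVOL', '\\*\NETLOGON')

function Test-HardenedUncPath {
    param([string]$Key, [string]$Path)
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $false }          # policy key absent: not configured
    $value = $props.PSObject.Properties[$Path].Value
    if (-not $value) { return $false }               # no entry for this share path
    # Value data is a comma-separated list, e.g.
    # "RequireMutualAuthentication=1, RequireIntegrity=1"
    $settings = @{}
    foreach ($part in ($value -split ',')) {
        $kv = $part.Trim() -split '=', 2
        if ($kv.Count -eq 2) { $settings[$kv[0].Trim()] = $kv[1].Trim() }
    }
    # Both protections must be explicitly enabled for the path to count as hardened.
    return ($settings['RequireMutualAuthentication'] -eq '1') -and
           ($settings['RequireIntegrity'] -eq '1')
}

$problems = @()

# 1. Is the update that ships with KB3000483 installed?
if (Get-HotFix -Id 'KB3000483' -ErrorAction SilentlyContinue) {
    Write-Output 'OK       update KB3000483 installed'
} else {
    Write-Output 'MISSING  update KB3000483 not found'
    $problems += 'patch'
}

# 2. Are the Group Policy shares covered by hardened UNC path settings?
foreach ($p in $requiredPaths) {
    if (Test-HardenedUncPath -Key $hardenedPathsKey -Path $p) {
        Write-Output "OK       hardened UNC path configured for $p"
    } else {
        Write-Output "MISSING  hardened UNC path not configured for $p"
        $problems += $p
    }
}

if ($problems.Count -gt 0) {
    Write-Output "Host is NOT fully mitigated ($($problems.Count) issue(s))."
    exit 1
}
Write-Output 'Host has both the patch and the required configuration.'
```

Run it in an elevated PowerShell session on a domain-joined machine; a non-zero exit code makes it easy to fold into a fleet-wide compliance check.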
Advice for businesses
Symantec advises affected organizations to treat this vulnerability as an urgent priority. Since mitigation requires active intervention on the part of systems administrators in addition to patching, this vulnerability may attract the attention of attackers attempting to capitalize on inattention from administrators relying on automatic security updates.