Published on February 11th, 2015 | Post Views: 2,598 Hits
15-Year-Old JasBug Vulnerability Affects All Versions of Microsoft Windows
- Windows Vista
- Windows 7
- Windows 8
- Windows RT
- Windows 8.1
- Windows RT 8.1
- Windows Server 2003
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- This is an example of a ‘coffee shop’ attack scenario, where an attacker would attempt to make changes to a shared network switch in a public place and can direct the client traffic an attacker-controlled system.
- In this scenario, the attacker has observed traffic across the switch and found that a specific machine is attempting to download a file located at the UNC path: \\10.0.0.100\Share\Login.bat .
- On the attacker machine, a share is set up that exactly matches the UNC path of the file requested by the victim: \\*\Share\Login.bat.
- The attacker will have crafted the contents of Login.bat to execute arbitrary, malicious code on the target system. Depending on the service requesting Login.bat, this could be executed as the local user or as the SYSTEM account on the victim’s machine.
- The attacker then modifies the ARP table in the local switch to ensure that traffic intended for the target server 10.0.0.100 is now routed through to the attacker’s machine.
- When the victim’s machine next requests the file, the attacker’s machine will return the malicious version of Login.bat. This scenario also illustrates that this attack cannot be used broadly across the internet – an attacker need to target a specific system or group of systems that request files with this unique UNC.
- MS15-009: The update patches 41 reported vulnerabilities, one publicly disclosed flaw and 40 privately reported vulnerabilities, in Internet Explorer affecting all versions of the browser from version 6 and above on all operating systems.
- MS15-010: This security update patches six vulnerabilities, one publicly disclosed flaw and remaining reported privately, in Windows 7 and above, and server software after Windows Server 2008 R2 and later editions. The vulnerabilities are due to the way a Windows kernel-level component handles TrueType fonts.