15-yr old MS flaw can hit all Windows OSs

One of the three critical patches issued on Tuesday by Microsoft fixes a 15-year-old vulnerability called Jasbug (CVE-2015-0008) which enables hackers to remotely hijack users' PCs running all supported versions of Windows operating system.

According to a report in SC Magazine US and on The Hacker News website yesterday, there is a flaw in the fundamental design of Windows which caused Microsoft to take more than 12 months to release a fix – and even then the flaw is still unpatched in Windows Server 2003.

Using the flaw an attacker can hijack a domain-configured Windows system connected to a malicious network – wirelessly or wired, enabling them to install programs; delete, alter or view users' data, or create new accounts with full user rights.

Companies, rather than home users are the target as the flaw lets hackers monitoring traffic passing between the user and the Active Directory network (typically used for business connections)  launch a Man-in-the-Middle (MitM) attack.

Classified as MS15-011, Microsoft, explains how the vulnerability might be used on its blog post in, for example, in a cafe with its own WiFi.