Small Business Technology News

New JASBUG Vulnerability Escalates The Importance Of Applying Today's Microsoft Patches

Written by Tim Morral
Published: 2/10/2015

JASBUG, a newly disclosed security vulnerability, could allow hackers to hijack control of computers running Active Directory, used by over 95 percent of Fortune 500 companies.

There's a new security threat for private and public organizations to worry about. Called the JASBUG vulnerability, the bug could potentially affect more than 300 million target computers--that's 600 times more than the number of computers impacted by the well-publicized Heartbleed bug that was disclosed in April 2014.

JASBUG Security Vulnerability - Bigger Than Heartbleed

What Is JASBUG?

Named after JAS Global Advisors, the firm that spotted the threat through sophisticated pattern analysis, the JASBUG vulnerability targets users of Active Directory--a special-purpose database for Windows that is typically activated on every employee computer in an organization.

Approximately 95 percent of Fortune 500 companies use Active Directory. With the Fortune 500 workforce totaling more than 25 million employees, this means that at least 23.75 million Fortune 500 computers are vulnerable to JASBUG. Outside of the Fortune 500, we estimate that another 300 million computers could be affected by the JASBUG security threat.

Since federal, state and local agencies frequently use Active Directory, the security of government computers is also at risk. Active Directory also powers many ATMs, cash register and other consumer-facing devices, which means the vulnerability's reach is not limited only to business and government.

While hundreds of millions of computers and devices are vulnerable and need to be patched, the actual danger of JASBUG is less than one might think at first blush. In a blog post on its Security Research and Defense blog, Microsoft explains a scenario in which the JASBug exploit can be used by a hacker to gain remote access to other computer's on a shared "coffee shop" network, but they make it clear that the attack cannot be used broadly across the internet. In other words, a JASBUG attack only works if the cybercriminal has access to a computer or device that is on an organization's LAN (Local Area Network).

While that requirement limits the potential damage of JASBUG, this is still a very serious vulnerability that companies need to attend to. If not addressed, the JASBUG threat could threaten both private and public sector organizations. Based on the scope of the infection and the data stored on target computers, JASBUG could, if successfully used as an exploit, easily impact data security as well as the integrity of corporations' IT ecosystems.

JASBUG also poses a significant risk to industrial control systems, such as those run at dams and nuclear power plants. The Industrial Control Systems Cyber Emergency Response Team, part of the Department of Homeland Security, has issued ICS-ALERT-15-041-01, warning control systems owners that they should expedite applying critical JASBUG fixes: "Control systems that are members of a corporate Active Directory may be at risk. ICS-CERT is monitoring this vulnerability and will provide additional information related to control systems as it becomes available."

Given that many of these control systems still use Windows XP as their operating system, they are effectively unpatchable, which may put vital global infrastructure at risk of attack by cyberterrorists.

What is also remarkable about JASBUG is that the company that discovered it kept quiet for nearly a year while Microsoft implemented the fixes that were announced today. Apparently, this was a very complex fix.

How to Protect Your Organization's Computers from JASBUG

While it is believed that the JASBUG vulnerability was discovered before it was widely known within the cybercrime world, it's impossible to know whether it has already been used by cyberhackers. Certainly, they know about it now, further highlighting the need for IT leaders and Windows users to proactively respond to the risk.

Experts do not recommend discontinuing the use of Active Directory because it is an important piece of software that is often integrated into corporate IT infrastructure. Instead, organizations and users are advised to quickly apply the Microsoft security patches that were released on Feb. 10, 2015 Patch Tuesday. You can learn more about the vulnerability and the patch here.

Business owners and middle market IT departments should immediately apply all of today's Patch Teusday patches to all of the computers in their organizations to avoid a worst-case scenario. Owners and managers should also consider performing an evaluation to uncover other more common information security attacks that could threaten the integrity of data and systems.

Share this article

 


About Our Entrepreneur News

Our small business news site is packed with useful information for small business startups and entrepreneurs. Find helpful entrepreneur resources about the latest business news and financial news concerning the market and the economy.


Additional Resources for Entrepreneurs

Lists of Venture Capital and Private Equity Firms

Franchise Opportunities

Contributors

Business Glossary