Among the set of patches that Microsoft released today, there is one interesting fix under the number MS15-011. This patch closes a vulnerability in the Active Directory algorithm that was discovered back in January 2014 by employees of JAS Global Advisors. All this time, the existence of a bug called JASBUG was kept secret. Interestingly, this vulnerability was in the very first version of Active Directory, which appeared already in 2000. Active Directory is a system that allows administrators to configure users' computers on their network. Computers receive commands from the server and execute them. The vulnerability was in the DNS processing algorithm. Theoretically, a user's computer could be deceived by man-in-the-middle attacks in such a way that instead of a corporate server, it would accept commands from a false server raised by a hacker.
In writing on her blog, Microsoft described in detail the possible attack technology: ')
1. A hacker, examining traffic passing through a switch, detects that a certain computer is trying to download a file located at the UNC address \\ 10.0.0.100 \ Share \ Login.bat 2. A shared resource with the same name is made on the hacker's computer: \\ * \ Share \ Login.bat. Naturally, the file Login.bat contains the commands needed by the hacker. 3. The hacker changes the APR table of the switch, and the traffic sent to the server 10.0.0.100 now goes to his computer 4. The victim computer, when requesting a file, receives it not from the server, but from the computer of the hacker
Microsoft explains that since the vulnerability was in the Active Directory technology itself, administrators need to be familiar with the instructions for this patch to ensure further security. Also announced that for Windows Server 2003, which the company will support until this summer, the patch will not be released.