A new Windows flaw has emerged that affects all recent editions of Windows Server, from Windows 2003 to 2012, as well as desktop operating systems including Windows 7 and 8. The defect is deemed critical by Microsoft. Administrators are urged to patch as soon as possible via their normal channels.
This flaw is notable in that it isn’t just an oversight in a few (million) lines of code; it is a flaw in the architectural design of Windows, and it took Microsoft over a year to correct it and release an appropriate patch.
Although exploitation details on the flaw are scarce for obvious reasons, it appears the problem affects Windows machines that are being used in a domain environment. It has been given CVE number CVE-2015-0008.
The flaw was discovered by JAS Global Advisors, which works with ICANN. This devastating flaw unfortunately rates as exceptionally easy to exploit, requiring only that a user connect to a system controlled by the attacker.
Yet another potentially interesting fact is that Microsoft has admitted that it will not fix the issue in Windows 2003, as it is slated to be retired soon. This fact gives a hint as to the underlying complexity of the fix, as the error was reported back in early 2014 according to JAS. It was found not by traditional reverse engineering, but by applying big data analytics to try and pinpoint code failures.