Microsoft recently patched Jasbug (MS15-011), a fifteen-year-old vulnerability it has deemed ‘critical’. It could potentially allow attackers to take control of systems running any version of Windows (which, according to Netshare, accounts for about 91% of the market), but it’s only really a problem if you’re running Windows Server 2003.
Jasbug – named after JAS Global Advisors, which discovered it – is mostly a remote code execution issue: an attacker could get control of a domain-configured computer if they manage to lure it onto an attacker-controlled network. Once they have access, they can remotely execute code, which could let them steal data or install malware. In English: this is not something you want in your system.
The vulnerability was privately reported to Microsoft recently, and it has been patched, which is good; but because Windows Server 2003 reached end-of-life at the end of last year, the updates won’t work for this version, which is bad.
There doesn’t seem to be evidence that it’s been exploited in the wild, but still, you could be at risk and need to take steps to protect yourself; and if you’re still using this system, the only way around it is to upgrade to a newer version.
If you’re a UKFast customer on this version of Windows, please get in touch with your account manager for more information on how to protect yourself.