Critical vulnerability in Group Policy puts Windows computers at risk
Microsoft patched a critical vulnerability Tuesday that put Windows computers at risk of full compromise, especially those in corporate networks.
Developing and testing a patch for the flaw, dubbed JASBUG, took over a year and required additional hardening of Group Policy, the feature that organizations use to centrally manage Windows systems, applications, and user settings in Active Directory environments.
The vulnerability is actually a fundamental design flaw in Group Policy that remained undiscovered for at least a decade, according to security consulting firm JAS Global Advisors, which found the flaw together with another security company called simMachines. They reported it to Microsoft in January 2014.