Vulnerability Note VU#787252
Microsoft Windows domain-configured client Group Policy fails to authenticate servers
Microsoft Windows domain-configured client Group Policy fails to authenticate servers over Universal Naming Convention (UNC) paths.
Microsoft has released MS15-011, detailing a critical flaw in which Windows domain-configured client Group Policy fails to authenticate servers over Universal Naming Convention (UNC) paths. Upon connecting to a network, Group Policy runs logon scripts to receive and apply policy data from a domain controller. By joining an attacker-controlled network, the vulnerable system will execute attacker-provided scripts since the server is not required to authenticate itself. Because of the way that the Multiple UNC Provider (MUP) iterates through UNC providers to establish a connection to the domain controller, the vulnerability may be remotely exploitable when a UNC path is resolved over the Internet.
A remote, unauthenticated attacker may execute arbitrary code and completely compromise vulnerable systems.
Apply an update and configure Group Policy settings
Vendor Information (Learn More)
Many versions of Microsoft Windows operating systems are confirmed vulnerable, including:
Unsupported operating systems such as Microsoft Windows XP and 2000 may also be affected.
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||12 Feb 2015|
CVSS Metrics (Learn More)
Microsoft credits Jeff Schmidt of JAS Global Advisors, Dr. Arnoldo Muller-Molina of simMachines, and the Internet Corporation for Assigned Names and Numbers (ICANN) with discovering this issue.
This document was written by Joel Land.
- CVE IDs: CVE-2015-0008
- Date Public: 13 Feb 2015
- Date First Published: 13 Feb 2015
- Date Last Updated: 13 Feb 2015
- Document Revision: 20
If you have feedback, comments, or additional information about this vulnerability, please send us email.