Microsoft Windows domain-configured client Group Policy fails to authenticate servers over Universal Naming Convention (UNC) paths.
Microsoft has released MS15-011, detailing a critical flaw in which Windows domain-configured client Group Policy fails to authenticate servers over Universal Naming Convention (UNC) paths. Upon connecting to a network, Group Policy runs logon scripts to receive and apply policy data from a domain controller. By joining an attacker-controlled network, the vulnerable system will execute attacker-provided scripts since the server is not required to authenticate itself. Because of the way that the Multiple UNC Provider (MUP) iterates through UNC providers to establish a connection to the domain controller, the vulnerability may be remotely exploitable when a UNC path is resolved over the Internet.
A remote, unauthenticated attacker may execute arbitrary code and completely compromise vulnerable systems.
Apply an update and configure Group Policy settings
Many versions of Microsoft Windows operating systems are confirmed vulnerable, including:
Unsupported operating systems such as Microsoft Windows XP and 2000 may also be affected.
Microsoft credits Jeff Schmidt of JAS Global Advisors, Dr. Arnoldo Muller-Molina of simMachines, and the Internet Corporation for Assigned Names and Numbers (ICANN) with discovering this issue.
This document was written by Joel Land.
|Date First Published:||2015-02-13|
|Date Last Updated:||2015-02-13 15:13 UTC|