Security Warning – 2/10/2015 - Microsoft
On February 10, 2015, Microsoft issued a new Security Bulletin, MS15-011, which is rated Critical.
The Digital Edge security team analyzed the vulnerability and the possibilities of exploiting it. We think that the vulnerability reported in MS15-011 is critical but very hard to exploit. Even though Microsoft has not disclosed the details, the Digital Edge Security Team believes that exploiting the vulnerability is hard, and almost impossible in the most common enterprise settings, where the infrastructure is protected by firewalls and users access the network through VPNs.
A remote code execution vulnerability exists in how Group Policy receives and applies policy data when a domain-joined system connects to a domain controller. To exploit this vulnerability, an attacker would have to convince a victim with a domain-configured system to connect to an attacker-controlled network.
An attacker who successfully exploited this vulnerability could take complete control of an affected system and then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by improving how domain-configured systems connect to domain controllers prior to Group Policy accepting configuration data.
This vulnerability has not been publicly disclosed. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.
So from the notification it sounds like an attacker would need to have a domain-joined client computer on a network controlled by the attacker. The attacker would then intercept a Group Policy Service I/O request from that computer on the unprotected network to Active Directory (to the Multiple UNC Provider, to be precise) and spoof the communication. This may give the attacker the ability to execute a malicious script.
Microsoft has previously released patches and provided advice on UNC Access Hardening.
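As an added, defender-side example that is not part of the Digital Edge advisory or the Microsoft bulletin, the following PowerShell script audits whether UNC hardened access is in place for the SYSVOL and NETLOGON shares that Group Policy reads from, using the HardenedPaths policy registry key documented in Microsoft's MS15-011 guidance; the -Enforce switch and the function name Test-UncHardening are this script's own, and the registry write requires an elevated session.

```powershell
# Added example (not from Digital Edge or the Microsoft bulletin): audit, and
# optionally enforce, UNC hardened access for the shares Group Policy reads.
# -Enforce is a switch defined by this script, not a Microsoft setting.
param([switch]$Enforce)

# Policy key and value format documented by Microsoft for MS15-011 / UNC hardening.
$KeyPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
$Required = 'RequireMutualAuthentication=1, RequireIntegrity=1'
$Shares   = @('\\*\SYSVOL', '\\*\NETLOGON')

function Test-UncHardening {
    # Returns one object per share stating whether both flags are required.
    foreach ($share in $Shares) {
        $current = $null
        if (Test-Path -Path $KeyPath) {
            # GetValue() looks up the value name literally, so the '*' in the
            # share name is not treated as a wildcard.
            $current = (Get-Item -Path $KeyPath).GetValue($share)
        }
        $ok = $false
        if ($current) {
            # Parse "Name=Value, Name=Value"; ordering and whitespace may vary.
            $flags = @{}
            foreach ($pair in ($current -split ',')) {
                $kv = $pair.Trim() -split '=', 2
                if ($kv.Count -eq 2) { $flags[$kv[0].Trim()] = $kv[1].Trim() }
            }
            $ok = ($flags['RequireMutualAuthentication'] -eq '1') -and
                  ($flags['RequireIntegrity'] -eq '1')
        }
        [pscustomobject]@{ Share = $share; Current = $current; Hardened = $ok }
    }
}

$results = Test-UncHardening
$results | Format-Table -AutoSize

if ($Enforce) {
    # Local registry write for a standalone check; in a domain, deploy the same
    # setting centrally through Group Policy (Network Provider > Hardened UNC Paths).
    if (-not (Test-Path -Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    foreach ($r in ($results | Where-Object { -not $_.Hardened })) {
        New-ItemProperty -Path $KeyPath -Name $r.Share -Value $Required `
            -PropertyType String -Force | Out-Null
        Write-Host "Hardened $($r.Share)"
    }
}
```

Run without -Enforce to report only; a share whose Hardened column is False still accepts policy data over an unauthenticated, unsigned connection.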
Please contact Digital Edge Security team if you have more questions - https://www.digitaledge.net/contact/
More information can be obtained: