
2/10/2015

Security Warning – 2/10/2015 - Microsoft


On February 10, 2015, Microsoft issued Security Bulletin MS15-011, which is rated Critical.
The Digital Edge security team analyzed the vulnerability and the possibilities to exploit it. We think that the vulnerability reported in MS15-011 is critical but very hard to exploit. Even though Microsoft does not disclose details, the Digital Edge Security Team feels that exploiting the vulnerability is hard, and in the most common enterprise settings, where the infrastructure is protected by firewalls and users access the network through VPNs, almost impossible. The exposure that remains is a domain-joined machine connecting to a network the attacker controls, which is exactly the precondition Microsoft describes.

Microsoft's notification:
A remote code execution vulnerability exists in how Group Policy receives and applies policy data when a domain-joined system connects to a domain controller. To exploit this vulnerability, an attacker would have to convince a victim with a domain-configured system to connect to an attacker-controlled network.

An attacker who successfully exploited this vulnerability could take complete control of an affected system and then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by improving how domain-configured systems connect to domain controllers prior to Group Policy accepting configuration data.

This vulnerability has not been publicly disclosed. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

So, from the notification, it sounds like the attacker needs a domain-joined client computer sitting on a network the attacker controls. Group Policy fetches its policy files over SMB from UNC paths on the domain controller (the SYSVOL share), and those requests go through the Multiple UNC Provider (MUP) on the client. An attacker on that network can intercept the client's request to the domain controller, answer it from a share of their own and return policy files of their choosing. This may give the attacker the ability to run a malicious script or program on the client with the privileges of the Group Policy client, which is why Microsoft describes the outcome as complete control of the affected system.

The update for this bulletin (KB3000483) adds a feature Microsoft calls UNC Hardened Access. Note that installing the patch alone does not protect a client: the Hardened UNC Paths Group Policy setting (Computer Configuration > Administrative Templates > Network > Network Provider > Hardened UNC Paths) must also be enabled, at minimum for \\*\SYSVOL and \\*\NETLOGON with RequireMutualAuthentication=1 and RequireIntegrity=1, so that the client only accepts policy data from a server that has authenticated mutually (Kerberos) and over a signed SMB session.
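The following is an added example, not code from the original Digital Edge post or from Microsoft. It writes the same registry values that the Hardened UNC Paths policy from KB3000483 sets on a client (key HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths, one string value per UNC pattern) and then checks that SYSVOL and NETLOGON both require mutual authentication and integrity. The function name Test-HardenedUncPaths is this example's own. In a domain you would normally deploy the setting through a GPO rather than write the registry directly; the script is useful on a standalone test machine or for auditing what the policy actually produced. The update itself still has to be installed for these values to have any effect.

```powershell
# Added example (not from the original post): apply and verify UNC Hardened Access
# (KB3000483) values. Run in an elevated PowerShell session.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

# Value name = UNC path pattern, value data = hardening flags.
# Requiring mutual authentication (Kerberos) and integrity (signed SMB) defeats the
# spoofed-domain-controller scenario described in MS15-011: an attacker-controlled
# share cannot prove it is the real domain controller and its data is rejected.
$hardened = @{
    '\\*\SYSVOL'   = 'RequireMutualAuthentication=1, RequireIntegrity=1'
    '\\*\NETLOGON' = 'RequireMutualAuthentication=1, RequireIntegrity=1'
}

if (-not (Test-Path $key)) {
    New-Item -Path $key -Force | Out-Null
}
foreach ($path in $hardened.Keys) {
    New-ItemProperty -Path $key -Name $path -Value $hardened[$path] `
        -PropertyType String -Force | Out-Null
}

# Audit: returns $true only when both SYSVOL and NETLOGON carry both flags.
# (Function name is this example's own, not a Microsoft cmdlet.)
function Test-HardenedUncPaths {
    param([string]$RegistryKey = $key)

    if (-not (Test-Path $RegistryKey)) {
        Write-Warning 'No Hardened UNC Paths configured; the client will still accept policy from an unauthenticated share.'
        return $false
    }

    $ok = $true
    foreach ($name in @('\\*\SYSVOL', '\\*\NETLOGON')) {
        # Get-ItemProperty exposes each registry value as a property named after the value.
        $data = (Get-ItemProperty -Path $RegistryKey -Name $name -ErrorAction SilentlyContinue).$name
        if (-not $data -or
            $data -notmatch 'RequireMutualAuthentication=1' -or
            $data -notmatch 'RequireIntegrity=1') {
            Write-Warning ("{0} is not fully hardened (value: '{1}')" -f $name, $data)
            $ok = $false
        }
        else {
            Write-Host ("{0} -> {1}" -f $name, $data)
        }
    }
    return $ok
}

# Usage: exit code 1 makes the check usable from a compliance script.
if (-not (Test-HardenedUncPaths)) { exit 1 }
```

A client that has the values but not the KB3000483 update will pass this audit and still be vulnerable, so pair the check with your patch-compliance reporting (for example, querying installed updates for KB3000483 through Get-HotFix).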

Please contact Digital Edge Security team if you have more questions - https://www.digitaledge.net/contact/

More information can be obtained from:
https://technet.microsoft.com/library/security/MS15-011
and
https://support.microsoft.com/kb/3000483

Michael Petrov
Founder, Chief Executive Officer

Michael brings 30 years of experience as an information architect, optimization specialist and operations advisor. His experience includes extensive high-profile project expertise, such as mainframe and client-server integration for Mellon Bank, extranet systems for Sumitomo Bank, and architecture and processing workflow for the alternative investment division of US Bank. Michael possesses advanced knowledge of security standards such as ISO 27001, NIST, SOC and PCI, which he brings into every solution delivered by Digital Edge. These security solutions and standards are extended to public clouds such as AWS and Azure.
