MS15–011 : Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
The Purpose of this article is to share a quick way to resolve a vulnerability named MS15–011: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483) . In most of the cases , when information security team performs a vulnerability assessment than the system admins runs windows update manually or deploy them via Microsoft SCCM (System Center Configuration Manager) . However for this vulnerability , even after you deploy the patch , you still need some group policy configuration in order to close it .
Here are the relevant details .
Vulnerability Name : MS15–011: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
Severity : High
Nessus Plugin ID : 81264
CVE No: CVE-2015–0008
Proposed Solution :
KB 3000483 or a related, subsequent update was successfully installed, but the GPO setting “Hardened UNC Paths” has not been enabled.
Procedure :
If the Patch is installed and you are still getting this vulnerability in all scans than you need to enable Local Group Policy . If we are talking about a large number of servers than it is better to create a domain level group Policy for those servers however if that needs more time and testing than a quick win to implement it locally on the particular server .
- If you are a system admin , Login to the Windows Server with admin rights and on Run Prompt ,type gpedit.msc to open Local Group Policy management console . If you are not familiar with Group Policy management console than you should refer to the original reference provided below .
- Go to this Path : Computer Configuration/Administrative Templates/Network/Network Provider
- Right-click the Hardened UNC Paths setting, and then click Edit and select the Enabled option
- In the Options pane, scroll down, and then click Show.
- Add these configuration entries. to do this, follow these steps:
- In the Value Name column, type the UNC path that you want to configure. The UNC path may be specified in one of the following forms:
- \\<Server>\<Share> — The configuration entry applies to the share that has the specified name on the specified server.
- \\*\<Share> — The configuration entry applies to the share that has the specified name on any server.
- \\<Server>\* — The configuration entry applies to any share on the specified server.
- \\<Server> — The same as \\<Server>\*
Here is an example . In the value , mostly this line will be enough .
RequireMutualAuthentication=1, RequireIntegrity=1
For more details, Please refer to the reference given below .
