- “MS15-014 addresses an issue in Group Policy update, which can be used to disable client-side global SMB Signing requirements, bypassing an existing security feature built into the product.”
- “MS15-011 adds new functionality, hardening network file access to block access to untrusted, attacker controlled shares when Group Policy refreshes on client machines.
“The prevalence of workers using enterprise laptops to work remotely from coffee shops, hotels and airports with unauthenticated WiFi makes it trivial for attackers to simply advertise common network names and get unsuspecting laptops connected.”Young added a more aggressive attacker could also have the capability to broadcast spoofed messages from a legitimate wireless network, forcing clients to disconnect and then luring them into the attacker’s control. “This flaw, which has existed for at least a decade, has been known by Microsoft since January 2014 but required extensive changes to core functionality within the Windows operating system,” said Young. Consequently, the fix for this issue will require more than the standard download and installation process. As Young further explains, enterprises will need to apply a new group policy to the patched workstation. “The patch provides 3 new settings pertaining to authentication, integrity, and privacy such that the updated clients have the ability to authenticate a valid server, ensure that the security policy has not been tampered with, and that a third-party on the network cannot view the contents of the security policy,” said Young. The flaw is known to affect Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 2000, Windows XP, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1.