CVE-2015-0008

Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution (MS15-011)

Severity Score

8.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability."

La implementación UNC en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 no incluye la autenticación del servidor hacia el cliente, lo que permite a atacantes remotos ejecutar código arbitrario mediante la disposición de datos manipulados en un compartido UNC, tal y como fue demostrado por datos Group Policy de un controlador de dominio falsificado, también conocido como 'vulnerabilidad de la ejecución de código remoto de Group Policy.'

Microsoft Windows Server 2012 suffers from a Group Policy remote code execution vulnerability.

*Credits: N/A

CVSS Scores

NISTv2 8.3

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-11-18 CVE Reserved
2015-02-11 CVE Published
2019-10-29 First Exploit
2024-08-06 CVE Updated
2024-11-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-284: Improper Access Control

CAPEC

References (9)

URL	Tag	Source
http://packetstormsecurity.com/files/155002/Microsoft-Windows-Server-2012-Group-Policy-Remote-Code-Execution.html	X_refsource_misc
http://www.kb.cert.org/vuls/id/787252	Third Party Advisory
http://www.securityfocus.com/bid/72477	Third Party Advisory
http://www.securitytracker.com/id/1031719	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/100426	Third Party Advisory
https://www.jasadvisors.com/additonal-jasbug-security-exploit-info	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/47558	2019-10-29

URL	Date	SRC
http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx	2019-10-29
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-011	2019-10-29

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Windows 7 Search vendor "Microsoft" for product "Windows 7"				-		sp1		Affected
Microsoft Search vendor "Microsoft"		Windows 8 Search vendor "Microsoft" for product "Windows 8"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows 8.1 Search vendor "Microsoft" for product "Windows 8.1"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Rt Search vendor "Microsoft" for product "Windows Rt"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Rt 8.1 Search vendor "Microsoft" for product "Windows Rt 8.1"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"				-		sp2		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				-		sp2		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2"		sp1, itanium		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2"		sp1, x64		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012"				r2 Search vendor "Microsoft" for product "Windows Server 2012" and version "r2"		-		Affected
Microsoft Search vendor "Microsoft"		Windows Vista Search vendor "Microsoft" for product "Windows Vista"				-		sp2		Affected