past history, new attacks (cve-2015-0008) – 28th Oct 2019

Preface: Microsoft will be ending support for Windows 7 and Server 2008 on January 14, 2020. This means no more security patching and no more support from Microsoft.

Vulnerability details: Found design flaw on 2015. Microsoft Windows Group Policy could allow a remote attacker to take complete control of the system, caused by improper application of policy data. By social engineering attacks to convinces a privileges user with domain-configured system to connect to an attacker-controlled network, an attacker could exploit this vulnerability to execute arbitrary code and take complete control of the system.

Current status: Microsoft Windows Server 2012 suffers from a Group Policy remote code execution vulnerability.

Proof of concept release on 29th October 2019. The exploit code targets vulnerable systems in order to modify registry keys to disable SMB signing, achieve SYSTEM level remote code execution (AppInit_DLL) and a user level remote code execution (Run Keys).

Perhaps this vulnerability without any significant impact to MS product in the moment. But information security expert should be take care of this issue.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.