Vulnerability in Group Policy Fixed with MS15-011 & MS15-014

Today Microsoft published hotfixes MS15-011 and MS15-014, which address potential issues that could allow a man-in-the-middle attack on a computer. The vulnerability affects systems that can be reached by a man in the middle, or what I like to call a “Coffee Shop Attack”. In summary, by interfering with the traffic being sent to a client, a malicious person can force the client to fall back to weaker default security settings. Once this is done, it is then possible to trick the client into running a malicious logon script.

Therefore Microsoft has released two hotfixes to fix this vulnerability:

  • MS15-011 – Microsoft has changed the fallback behaviour of security settings when a corrupt Client Side Extension file is encountered.
  • MS15-014 – Microsoft has enabled mutual authentication for Group Policy UNC paths, meaning that a client cannot be tricked into accessing the same path using a different protocol such as WebDAV.

Needless to say, this is an important update to Windows, and one that particularly changes the behaviour of Group Policy to mitigate the threat.

For a much more detailed explanation of this, see:

http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx

This update can only be downloaded via Windows Update but you can get more information on the individual patches at:

https://technet.microsoft.com/en-us/library/security/ms15-011

https://technet.microsoft.com/en-us/library/security/ms15-014
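
Mutual authentication for Group Policy UNC paths is configured through the Hardened UNC Paths policy setting, so after patching it is worth checking that the SYSVOL and NETLOGON entries actually require it. The following is an added example, not code from this post or from Microsoft; the function names and the sample data are made up for illustration, and it only checks the wildcard `\\*\` entries.

```powershell
# Added example: audit Hardened UNC Paths entries for SYSVOL and NETLOGON.
# Policy: Computer Configuration > Administrative Templates > Network >
#         Network Provider > Hardened UNC Paths
$HardenedPathsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

# Hypothetical helper: read the policy values into a name -> data hashtable.
function Get-HardenedUncEntries {
    $entries = @{}
    $item = Get-Item -Path $HardenedPathsKey -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($n in $item.GetValueNames()) { $entries[$n] = [string]$item.GetValue($n) }
    }
    $entries
}

# Hypothetical helper: report whether each share requires mutual auth and integrity.
function Test-HardenedUncPath {
    param(
        [hashtable]$Entries,
        [string[]]$Shares = @('SYSVOL', 'NETLOGON')
    )
    foreach ($share in $Shares) {
        $name = "\\*\$share"
        $data = $Entries[$name]
        # Parse "Flag=1, Flag=0" into a lookup table
        $flags = @{}
        if ($data) {
            foreach ($pair in $data -split ',') {
                $k, $v = $pair.Trim() -split '=', 2
                if ($k) { $flags[$k.Trim()] = "$v".Trim() }
            }
        }
        [pscustomobject]@{
            Path       = $name
            Configured = [bool]$data
            MutualAuth = $flags['RequireMutualAuthentication'] -eq '1'
            Integrity  = $flags['RequireIntegrity'] -eq '1'
        }
    }
}

# Constructed sample: SYSVOL is hardened, NETLOGON is present but not enforcing.
$sample = @{
    '\\*\SYSVOL'   = 'RequireMutualAuthentication=1, RequireIntegrity=1'
    '\\*\NETLOGON' = 'RequireMutualAuthentication=0'
}
Test-HardenedUncPath -Entries $sample | Format-Table -AutoSize
# On a live machine: Test-HardenedUncPath -Entries (Get-HardenedUncEntries)
```

Any row with `Configured`, `MutualAuth` or `Integrity` set to False is a share where the client would still accept an unauthenticated or tampered response.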

Out Now: Remote Server Admin Tools for Windows 10 Technical Preview

Microsoft has just released the Windows 10 Technical Preview to the public. As per normal, Windows 10 has a number of admin tools installed out of the box. But on top of that there are also the Remote Server Admin Tools (RSAT), which can be used for managing the server components of Windows Server. Ironically, the next preview version of Windows Server has not yet been released…

But according to the release notes, these tools can be used to manage the October 2014 Windows Server preview version with the exception of the DNS Tools and IP Address Management Tools (IPAM).

Source: http://www.microsoft.com/en-us/download/details.aspx?id=45520

Work Folders Client for iPad

Work Folders, the feature that was released with Windows Server 2012 R2 and Windows 8.1, is a “OneDrive”-like feature that allows users to synchronise their “work” files on their devices. The key difference with this feature is that the files are stored on premise on the back end instead of in the cloud, which is far more palatable for companies that are still nervous about moving to the cloud.

Originally the client for this feature was for Windows 8.1, and then it was released for Windows 7 with the promise that an iPad version of the app would be coming soon. Well, Microsoft have finally made good on this promise and have now released the iPad app.

What is really great about this release is that it now makes the Work Folders feature a truly cross-platform feature. But more importantly, it enables your iPad-loving managers, who seem to have their Apple device surgically attached to their hand, to actually do “work” on their tablets. Why is this even important, you ask? Well, most workplaces are of course political, and managers are normally the people you need to win over to get anything approved. Another added advantage of this feature is that the licensing is also included with Windows (your mileage may vary). So this is also a much cheaper alternative to solutions like Box.com, which also offers cross-platform synchronisation but at a per-user cost to the business.

Finally, the iPad version of the app also has offline support and encryption to ensure that the information in the app is always secure.

So, if you have already got Work Folders deployed in your organisation, then download the app and get started. But if this is the first time you have heard about this feature and you are still after more information, then I suggest you check out my many other blog posts here or even my TechEd 2013 and TechEd 2014 sessions.

Source: http://blogs.technet.com/b/filecab/archive/2015/01/16/work-folders-for-ios-ipad-app-release.aspx

iTunes Link: https://itunes.apple.com/us/app/work-folders/id950878067?mt=8

Podcast: RunAs Radio with myself and Richard Campbell

I recently recorded a podcast with Richard Campbell to talk about some of the latest changes with Group Policy, especially around passwords in Group Policy Preferences and mitigations for Pass the Hash. We then talk about some of the things we would like to see in the next version of Windows regarding security.

You can check out the podcast at http://runasradio.com/default.aspx?showNum=393

Keeping your company secure using Group Policy

In this session, which I presented at TechEd New Zealand 2014, I covered some of the recent changes with Group Policy Preferences as well as some of the new Group Policy improvements you can use to protect yourself against Pass the Hash attacks. Unfortunately, one of my demos did not work at the end; however, I actually did get it to work only a few minutes after the video ended. All I had to do was log off and on, and the authentication attempt failed as expected. In any case it was a great session, and best of all it was recorded in full video, so you actually get to see me talk on stage rather than just look at my monitor.

Unfortunately they have only released the video as a WMV, so you will need to use this link to play the video: http://video.ch9.ms/sessions/teched/nz/2014/PCIT312_FINAL.wmv

Source: http://channel9.msdn.com/Events/TechEd/NewZealand/2014/PCIT312