A Special Microsoft “Patch Tuesday” – Jasbug Requires More Than Clicking OK

By Paul Hirsch, Citon Senior Network Engineer

Patch Tuesday has been with us a long time. Many IT admins don’t scour the release notes anymore except to check for any nasty side effects. Take note, admins: this month’s Patch Tuesday included one patch that requires IT intervention to work.

MS15-011 and MS15-014 add features to address a Group Policy Execution vulnerability, a.k.a. “jasbug”, that has existed in Windows as long as Group Policy has. Jasbug, when combined with the usual network spoofing techniques, allows an attacker to trick any Windows machine on an Active Directory domain into running any code the attacker chooses. Until now, Windows had no method for members of a domain to verify the integrity and authenticity of Group Policy scripts.

The new features in MS15-011 and MS15-014 add the ability to specify “hardened” network share (UNC) paths and ignore items that can’t be verified. Here’s the catch: You need to define a Group Policy to enable UNC path hardening on the shares you want to protect. Oh, and one more catch: Windows 2003 is left out in the cold. Just another reason to get off of Windows 2003 and earlier as soon as possible.
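
Since the patch protects nothing until the policy is defined, it is worth auditing machines for the setting rather than for the update alone. The PowerShell below is an added example, not code from this article or from Microsoft: it reads the registry key where the "Hardened UNC Paths" policy setting stores its entries and reports which shares lack protection. The required shares (\\*\SYSVOL and \\*\NETLOGON) and the two flags are assumptions taken from Microsoft's guidance for this update, not from this page.

```powershell
# Added example: audit UNC path hardening (MS15-011 / MS15-014).
# Key written by the "Hardened UNC Paths" Group Policy setting.
$Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
# Assumption: these shares and flags are the ones to require (not listed on the page).
$Required = '\\*\SYSVOL', '\\*\NETLOGON'
$Flags    = 'RequireMutualAuthentication', 'RequireIntegrity'

function ConvertFrom-HardenedPathValue {
    # Parse "RequireMutualAuthentication=1, RequireIntegrity=1" into a hashtable.
    param([string]$Value)
    $result = @{}
    foreach ($pair in ($Value -split ',')) {
        $name, $setting = $pair.Trim() -split '=', 2
        if ($name) { $result[$name.Trim()] = "$setting".Trim() }
    }
    $result
}

function Get-HardenedPathPolicy {
    # Return the configured paths as a hashtable; empty if no policy has been applied.
    $policy = @{}
    if (Test-Path $Key) {
        $item = Get-Item $Key
        foreach ($n in $item.GetValueNames()) { $policy[$n] = [string]$item.GetValue($n) }
    }
    $policy
}

function Test-HardenedPaths {
    # $Policy maps a UNC pattern to its value string; emits one row per required share.
    param([hashtable]$Policy)
    foreach ($share in $Required) {
        $parsed  = ConvertFrom-HardenedPathValue ([string]$Policy[$share])
        $missing = @($Flags | Where-Object { $parsed[$_] -ne '1' })
        [pscustomobject]@{
            Share = $share; Hardened = ($missing.Count -eq 0); Missing = $missing -join ', '
        }
    }
}

# Constructed sample: SYSVOL fully hardened, NETLOGON lacks RequireIntegrity.
$sample = @{
    '\\*\SYSVOL'   = 'RequireMutualAuthentication=1, RequireIntegrity=1'
    '\\*\NETLOGON' = 'RequireMutualAuthentication=1'
}
Test-HardenedPaths $sample | Format-Table -AutoSize
# Live check on this machine; an empty policy means no required share is hardened.
Test-HardenedPaths (Get-HardenedPathPolicy) | Format-Table -AutoSize
```

A machine that has the update installed but never received the Group Policy setting shows up in the live check with both flags listed as missing for every share.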

See this nice write-up by Microsoft on hardening Group Policy for the nitty-gritty.