Microsoft · Windows RT · CVE-2015-0008
**Name of the Vulnerable Software and Affected Versions**
Microsoft Windows Server 2003 SP2
Microsoft Windows Vista SP2
Microsoft Windows Server 2008 SP2 and R2 SP1
Microsoft Windows 7 SP1
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012 Gold and R2
Microsoft Windows RT Gold and 8.1
**Description**
A remote code execution issue exists due to the lack of server-to-client authentication in the UNC implementation. This allows remote attackers to execute arbitrary code by making crafted data available on a UNC share. The vulnerability can be exploited when a domain-joined system connects to a domain controller, potentially allowing an attacker to take complete control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights.
**Recommendations**
For Microsoft Windows Server 2003 SP2, update to a newer version to mitigate the risk.
For Microsoft Windows Vista SP2, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a newer version to mitigate the risk.
For Microsoft Windows 7 SP1, update to a newer version to mitigate the risk.
For Microsoft Windows 8, update to a newer version to mitigate the risk.
For Microsoft Windows 8.1, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2012 Gold and R2, update to a newer version to mitigate the risk.
For Microsoft Windows RT Gold and 8.1, update to a newer version to mitigate the risk.
As a temporary workaround, consider restricting access to UNC shares from untrusted networks until a patch is available.