Mar 24
Latest windows exploit–Prevention may break mapped network drives with SharePoint

There is a new Windows Remote Code Execution exploit is being used in the wild, tho it appears limited... for now.

One of the steps to help prevent against this exploit is to disable the WebClient Service.

Doing so, will stop users mapped drives working – and overload your helpdesk - as this is the service which provides some of the WebDav functionality which SharePoint uses to allow mapping of network drives / explorer view.

Disabling this service on either your SharePoint On-Prem server or your client machines, will break this feature.

Advisory: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006#ID0EMGAC

image

This is the sentence which says… ‘disable this and it will break mapped drives / explorer view with SharePoint’

Full details about the exploit https://arstechnica.com/information-technology/2020/03/attackers-exploit-windows-zeroday-that-can-execute-malicious-code/

Comments

There are no comments for this post.