Understanding MS16-130 RRS feed

  • Question

  • Hi there,

    I am still trying to figure out MS16-130, CVE-2016-7222 - the explanation is a bit vague for me and I cannot find more related info. On the bulletin site the following info is provided: "This update requires hardened UNC paths to be used in scheduled tasks."
    This Update applies only to Win10 and Srv2016.

    Hardened UNC Paths GPO was introduced in MS15-011(and 14) and there is a guidance on technet:

    Guidance to MS15-011
    What about Windows 10?:
    It is important to note that UNC hardening is enabled by default in Windows 10 for Netlogon and SYSVOL. Registry keys are NOT present by default even when UNC hardening is enabled unless UNC hardening settings are being configured via group policy.

    Of course those updates were not released to Win10 and Srv2016 - I've never tested if Win10 applies this GPO by default or not.

    So does this new bulletin mean that after applying MS16-130, the hardening GPO will now apply to win10 and srv2016, and that any UNC path used in scheduled tasks of such OS should be added as a hardened UNC path???

    Thanks in advance.

    Wednesday, November 16, 2016 2:08 PM


  • Hi,

    As I know, security update is used to repair the system vulnerabilities and improve the security level.

    In MS16-130, it mean to addresses the vulnerabilities by requiring hardened UNC paths be used in scheduled tasks.

    It doesn't mean to add the feature to force UNC path using in scheduled tasks, but to fix the security vulnerabilities when you use hardened UNC patch in scheduler tasks.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 22, 2016 2:41 PM