I need some help answering these two questions to be able to

I need some help answering these two questions to be able to finish a reseach paper. Please provide me with a decent-length answer as I do not fully understand them, thanks in advance.

1) what solution did Microsoft provide to mitigate the ms15-011 adn m15-014 vulnerabilities?

2) Did Microsoft’s solution completely eliminate these vulnerabilities?

Solution

MS15-014 Vulnerability:

Summary:

                 The vulnerability could allow security feature bypass if an attacker, by way of a man-in-the-middle attack, causes the Group Policy Security Configuration Engine policy file on a targeted system to become corrupted or otherwise unreadable. This results in the Group Policy settings on the system to revert to their default, and potentially less secure, state.

Solution:

An update is available from Microsoft that address this vulnerability, by correcting how Group Policy settings are applied when a Group Policy Security Configuration Engine policy file is corrupted or otherwise unreadable.

This update is available as KB3004361 and is rated as an important update for all supported versions of Windows and Windows Server.

MS15-011 Vulnerability:

Summary:

             A remote code execution vulnerability exists when a domain-joined system connects to a domain controller. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, can view, change, or delete data,create new accounts with full user rights.This can be more affected for the users who was having admin rights.

Solution :
            MS15-011 is not turned on by default. It requires administrators to turn on Group Policy setting to harden specific SYSVOL and NETLOGON shares to protect enterprise deployments from the vulnerability.            

            The Group Policy service on domain-joined Windows-based computers automatically tries to download updated security policies from Universal Naming Convention (UNC) paths that begin with \\\\<Domain>\\SYSVOL. It will run any scripts that are configured to run in the applicable Group Policy Objects (GPOs). Typically, these are stored in UNC paths that being with \\\\<Domain>\\NETLOGON.
               Microsoft is announcing the availability of UNC Hardened Access, a new feature on the Windows platform. To provide mitigations against this and related attacks, this feature improves the protection and handling of data when Windows-based computers access UNC paths.

After the MS15-011update is installed, the following new Group Policy Setting can be used to harden specific shares:

Steps to Follow:

1. Open Group Policy Management Console.
2. In the console tree, in the forest and domain that contain the Group Policy object (GPO) that you want to create or edit, double-click Group Policy Objects.

Forest name/Domains/<Domain name>

3. (Optional) Right-click Group Policy Objects, and then click New.
4. Type the desired name for the new GPO.
5. Right-click the desired GPO, and then click Edit.
6. In the Group Policy Object Editor console, browse to the following policy path:
       Computer Configuration/Administrative Templates/Network/Network Provider
7. Right-click the Hardened UNC Paths setting, and then click Edit.
8. Select the Enabled option button.
9. In the Options pane, scroll down, and then click Show.
10. Add one or more configuration entries. to do this, follow these steps:

      a. In the Value Name column, type the UNC path that you want to configure. The UNC path may be specified in one of the following forms:

   b. In the Value column, type the name of the security property to configure (for example, type RequireMutualAuthentication, RequireIntegrity, or RequirePrivacy) followed by an equal sign (=) and the number 0 or 1.

     Note Multiple properties may be assigned for a single UNC path by separating each \"<Property> = <Value>\" pair by using a comma (,).

11. Click OK two times, and then close the GPO editor.
12. If you created a new GPO earlier, link the GPO to one or more domains. To do this, right-click the desired domain, click Link an Existing GPO, select the newly added GPO, and then click OK.
13. To test the new or updated GPO, log on to a computer to which the GPO applies, and then run the following command:
         gpupdate /force

UNC Hardened Access is available as KB3000483. It is accompanied by KB30004375, which is installed transparently with KB3000483.

2) Did Microsoft’s solution completely eliminate these vulnerabilities?

A. For MS15-011 Microsoft has identified workarounds, so, install KB3004361 in a test environment.

    For MS15-014 Microsoft has not identified any mitigating factors or workaround for this vulnerability. But suggested to install the KB3004361 in a test environment.