August 27, 2020

Don’t Let OneDrive Mess up your Vulnerability Scan! – WST

Recently, many of our clients have had significant increases in the number of vulnerabilities found during their Internal Vulnerability Scans.  One of the primary reasons for this is Microsoft OneDrive, and the way it installs on workstations by default.

The way most environments install OneDrive, the application will install to the user’s local AppData folder (%localappdata%).  While convenient, this means that each user basically installs their own copy of OneDrive, leading to multiple instances of the application on each system.  The problem becomes evident when vulnerabilities are present in the version of the app.  You can wind up with the same vulnerability, in multiple users’ profile folders.  Even worse, you need to patch each profile individually to bring them all up to date…not an ideal solution!

Microsoft recently released guidance on installing the OneDrive app at the machine level, which eliminates the need for OneDrive executables in each user profile folder, greatly simplifying your patching process.  Per Microsoft, running OneDriveSetup.exe with the “/allusers” switch, will install OneDrive to the Program Files folder, accessible by all users.  As a bonus, this process also reportedly removes all of the per-user installs, killing two birds with one stone.  (Your mileage may vary, as with all changes, make sure you test this on non-critical systems first!)

More information can be found at:

Past Weekly Security Tips – WST

Go to Top