CVE-2014-1812 - Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability
Project:Microsoft
Product:Windows
Date Added:2021-11-03Due Date:2022-05-03
Vulnerability Name
Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability
Description
Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-1812