Title

Microsoft Group Policy Elevation of Privilege Vulnerability (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing a vulnerability in Microsoft Group Policy. Microsoft Group Policy is an infrastructure that implements specific configurations for users and computers. To exploit this vulnerability, an attacker would first need to gain access to an authenticated user account on the domain. If a GPO is configured using Group Policy preferences to set a local administrative password or define credentials to map a network drive, schedule a task, or configure the running context of a service, an attacker could then retrieve and decrypt the password stored with Group Policy preferences. If successfully exploited, an attacker would gain new local or domain administrator credentials, which could then elevate privileges to allow installation/view/change/deletion of data on the affected system.

Check Content

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-50453

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.