CVE-2014-1812 — Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability
2021-11-03 • CISA Known Exploited Vulnerability
[event] Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Microsoft |
| Product | Windows |
| CWE | CWE-255 |
| CVE ID | CVE-2014-1812 |
| Date Added | 2021-11-03 |
| Due Date | 2022-05-03 |
| Ransomware Campaign | Known — this vulnerability has been leveraged in ransomware campaigns |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-05-03