Deploying Files via Group Policies or How Group Policy Updates Can Ruin Your Day

20. October 2022

During a workstation assessment at the beginning of 2021, usd HeroLab analysts identified a trivial privilege escalation vulnerability occurring during Group Policy Updates. The vulnerability itself was not exploitable by default, but relied on a misconfiguration. However, this type of misconfiguration seemed to occur in other environments as well, so they informed Microsoft about the issue.

With their LabNews blog post, they want to raise awareness of this problem and help other security analysts and system administrators to recognize and fix it.

Continue to blog post

Also interesting:

Security Advisories for Jellyfin

Security Advisories for Jellyfin

The usd HeroLab analysts examined the multimedia application Jellyfin while conducting their security analyses. Two cross-site scripting vulnerabilities were identified that allowed a simple user account to take over higher-privileged accounts, such as an...

Security Advisory for GitLab

Security Advisory for GitLab

The usd HeroLab analysts examined GitLab, a service for version management of software projects, while conducting their security analyses. In the process, a vulnerability was identified that, due to the current default settings in GitLab, allows users to unknowingly...

Categories

Categories