Deploying Files via Group Policies or How Group Policy Updates Can Ruin Your Day

20. October 2022

During a workstation assessment at the beginning of 2021, usd HeroLab analysts identified a trivial privilege escalation vulnerability occurring during Group Policy Updates. The vulnerability itself was not exploitable by default, but relied on a misconfiguration. However, this type of misconfiguration seemed to occur in other environments as well, so they informed Microsoft about the issue.

With their LabNews blog post, they want to raise awareness of this problem and help other security analysts and system administrators to recognize and fix it.

Continue to blog post

Also interesting:

DEF CON | Las Vegas | 10. - 13. August 2023

DEF CON | Las Vegas | 10. - 13. August 2023

DEF CON is the longest running and largest underground hacking conference in the world. It is known for its in-depth focus on computer security and hacking and provides a platform for some of the greatest minds in the field to share their knowledge and work together...

Top 3 Vulnerabilities in Cloud Pentests

Top 3 Vulnerabilities in Cloud Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...

KRITIS Audits: BSI Specifies Maturity Levels for Verification Assessment

KRITIS Audits: BSI Specifies Maturity Levels for Verification Assessment

In January, the German Federal Office for Information Security (BSI) published the document „Reife- und Umsetzungsgradbewertung im Rahmen der Nachweisprüfung (RUN)“ (Maturity and implementation level assessment as part of the verification audit). This document defines...

Categories

Categories