Deploying Files via Group Policies or How Group Policy Updates Can Ruin Your Day

20. October 2022

During a workstation assessment at the beginning of 2021, usd HeroLab analysts identified a trivial privilege escalation vulnerability occurring during Group Policy Updates. The vulnerability itself was not exploitable by default, but relied on a misconfiguration. However, this type of misconfiguration seemed to occur in other environments as well, so they informed Microsoft about the issue.

With their LabNews blog post, they want to raise awareness of this problem and help other security analysts and system administrators to recognize and fix it.

Continue to blog post

Also interesting:

DEF CON | Las Vegas | 10. - 13. August 2023

DEF CON | Las Vegas | 10. - 13. August 2023

DEF CON is the longest running and largest underground hacking conference in the world. It is known for its in-depth focus on computer security and hacking and provides a platform for some of the greatest minds in the field to share their knowledge and work together...

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

usd AG Listed as EPI Partner for Mobile Security Evaluations

usd AG Listed as EPI Partner for Mobile Security Evaluations

The popularity of mobile payments is growing, and with it, the demand for verified security. usd AG is expanding its activities in the EPI environment and will also conduct Mobile Security Evaluations in the future. This places us among the few EPI-listed Security...

Categories

Categories