← Zuruck zu CVEs
CVE-2014-1812
HIGHCISA KEV8.8
Beschreibung
The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability."
CVE Details
CVSS v3.1 Bewertung8.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht5/14/2014
Zuletzt geandert4/22/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerMicrosoft
ProduktWindows
SchwachstellennameMicrosoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability
KEV Aufnahmedatum2021-11-03
Behebungsfrist2022-05-03
Ransomware-NutzungKnown
Betroffene Produkte
microsoft:windows_7microsoft:windows_8microsoft:windows_8.1microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_vista
Schwachen (CWE)
CWE-255CWE-522
Referenzen
http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-025(secure@microsoft.com)
http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-025(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-1812(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.