Local attackers can use Group Policy flaw to take over enterprise Windows systems
Microsoft fixed 129 vulnerabilities today across its entire range of software products, from Windows and Office to Visual Studio, Azure DevOps and Microsoft Apps for Android. Eleven of those flaws are critical and should be patched immediately, but one particular vulnerability could be easily overlooked and could allow hackers with local access to take full control of enterprise Windows systems.
The issue, tracked as CVE-2020-1317, affects one of the most basic mechanisms for centrally managing the settings of Windows computers and users in Active Directory environments: Group Policy. More importantly, the flaw is old and exists in all Windows versions for desktops and servers beginning with Windows Server 2008. Microsoft rates it as important and describes it as such:
Source: IT news – Security