← ExploitWatch
HomeExploited Vulnerabilities

CVE-2014-1812 — Actively Exploited: Windows (Microsoft)

Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.

CVE IDCVE-2014-1812
VendorMicrosoft
ProductWindows
Vulnerability nameMicrosoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability
Date added2021-11-03
Remediation due2022-05-03
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionMicrosoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →