CVE-2014-1812 — Actively Exploited: Windows (Microsoft)
Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.
| CVE ID | CVE-2014-1812 |
|---|---|
| Vendor | Microsoft |
| Product | Windows |
| Vulnerability name | Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability |
| Date added | 2021-11-03 |
| Remediation due | 2022-05-03 |
| Known ransomware use | Known |
| Required action | Apply updates per vendor instructions. |
| Description | Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →