This Tuesday, Microsoft released updates for all supported versions of Windows and Windows Server to address an elevation of privilege vulnerability in Group Policy, marked as important. Its official common vulnerabilities and exposures (CVE) id is CVE-2020-1317.
About the vulnerability
An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.
The security update addresses the vulnerability by correcting how Group Policy checks access.
The vulnerability was discovered and reported responsibly to Microsoft by Cyberark on June 17th, 2019. They have provided the following infographic on this vulnerability:
AFFECTED OPERATING SYSTEMS
All Windows versions and Windows Server versions are affected. Both Full installations and Server Core installations of Windows Server are affected.
Microsoft has not identified any mitigating factors for this vulnerability.
Microsoft has not identified any workarounds for this vulnerability.
About the fix
Microsoft has fixed this vulnerability with updates that were part of the June 2020 Patch Tuesday on Tuesday June 9th, 2020.
- Windows 10 RTM (version 1511)
- Windows 10 version 1607
- Windows 10 version 1709
- Windows 10 version 1803
- Windows 10 version 1809
- Windows 10 version 1903
- Windows 10 version 1909
- Windows 10 version 2004
- Windows 7 with Service Pack 1
- Windows 8.1
- Windows Server 2008 R2 with Service Pack 2
- Windows Server 2008 R2 with Service Pack 1
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server, version 1803
- Windows Server, version 1903
- Windows Server, version 1909
- Windows Server, version 2004
Call to Action
Noticeably, Microsoft has issued updates for Operating Systems (OSs) that are out of support per January 14th, 2020. This indicates that this update is deemed important enough to roll out in all Active Directory-oriented networking environments.
I urge you to install the necessary security updates on Windows and Windows Server installations in a test environment as soon as possible, assess the risk and possible impact on your production environment. Then, roll out this update to Windows and Windows Server installations in the production environment.
Group Policies Going Rogue
Microsoft June 2020 Patch Tuesday fixes 129 vulnerabilities
Microsoft June 2020 Patch Tuesday: largest ever with 129 fixes
CVE-2020-1317 | Group Policy Elevation of Privilege Vulnerability