Group Policy Elevation of Privilege Vulnerability (CVE-2020-1317, Important)

Windows Server

This Tuesday, Microsoft released updates for all supported versions of Windows and Windows Server to address an elevation of privilege vulnerability in Group Policy, marked as important. Its official common vulnerabilities and exposures (CVE) id is CVE-2020-1317.

 

About the vulnerability

An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.

The security update addresses the vulnerability by correcting how Group Policy checks access.

The vulnerability was discovered and reported responsibly to Microsoft by Cyberark on June 17th, 2019. They have provided the following infographic on this vulnerability:

CyberArkCVE20201317InfoGraphic

 

AFFECTED OPERATING SYSTEMS

All Windows versions and Windows Server versions are affected. Both Full installations and Server Core installations of Windows Server are affected.

MITIGATIONS

Microsoft has not identified any mitigating factors for this vulnerability.

WORKAROUNDS

Microsoft has not identified any workarounds for this vulnerability.

 

About the fix

Microsoft has fixed this vulnerability with updates that were part of the June 2020 Patch Tuesday on Tuesday June 9th, 2020.

  1. Windows 10 RTM (version 1511)
  2. Windows 10 version 1607
  3. Windows 10 version 1709
  4. Windows 10 version 1803
  5. Windows 10 version 1809
  6. Windows 10 version 1903
  7. Windows 10 version 1909
  8. Windows 10 version 2004
  9. Windows 7 with Service Pack 1
  10. Windows 8.1
  11. Windows Server 2008 R2 with Service Pack 2
  12. Windows Server 2008 R2 with Service Pack 1
  13. Windows Server 2012
  14. Windows Server 2012 R2
  15. Windows Server 2016
  16. Windows Server 2019
  17. Windows Server, version 1803
  18. Windows Server, version 1903
  19. Windows Server, version 1909
  20. Windows Server, version 2004

 

Call to Action

Noticeably, Microsoft has issued updates for Operating Systems (OSs) that are out of support per January 14th, 2020. This indicates that this update is deemed important enough to roll out in all Active Directory-oriented networking environments.

I urge you to install the necessary security updates on Windows and Windows Server installations in a test environment as soon as possible, assess the risk and possible impact on your production environment. Then, roll out this update to Windows and Windows Server installations in the production environment.

Further reading

Group Policies Going Rogue
Microsoft June 2020 Patch Tuesday fixes 129 vulnerabilities
Microsoft June 2020 Patch Tuesday: largest ever with 129 fixes
CVE-2020-1317 | Group Policy Elevation of Privilege Vulnerability

Posted on June 11, 2020 by Sander Berkouwer in Active Directory, Group Policy, Security Updates

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.