Monday, March 1, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Windows 10: Microsoft patches ‘important’ Windows Group Policy bug reported a year ago

June 10, 2020
in Internet Security
Windows 10: Microsoft patches ‘important’ Windows Group Policy bug reported a year ago
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Microsoft has released a fix for an elevation-of-privilege flaw in Windows Group Policy that affects all supported versions of Windows. 

Windows Group Policy is used by admins to create Group Policy Objects (GPO) that enforce settings and software, including antivirus and firewalls, on Windows devices as well as on other networked devices, such as printers, on the same Active Directory domain. 

You might also like

These four new hacking groups are targeting critical infrastructure, warns security company

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

GPOs should only be controlled by a domain admin. However, Eran Shimony, of security firm CyberArk, found that any machine on the domain can be used by an attacker to perform a file-system attack that allows them to request a policy update and override policy settings. Doing so could let an attacker disable antivirus like Microsoft Defender. 

SEE: Cheat sheet: Windows 10 PowerToys (free PDF)    

“A group policy update can be requested manually by a local non-privileged user,” explained Shimony. “So, if you manage to find a bug in the group policy update process, you can trigger it yourself whenever you want to – making a potential attack easier.

“Instead of waiting for the 90 minutes (the default time period to push group policy updates on a domain environment with 30 minutes time delta) or so, which is the default time to push group policy updates on a domain environment, an admin could force it immediately.”

According to Microsoft, the bug exists because Group Policy improperly checks access in Windows, allowing an attacker who exploited the vulnerability to run processes in an elevated context. 

“To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system,” Microsoft said.

Microsoft rated the bug, CVE-2020-1317, as “important” and says exploitation is less likely. Nonetheless, it affects all versions of Windows 10 through to Windows Server 2008. 

Shimony’s exploit targets gpsvc, the Windows local group policy service, and the Globally Unique Identifier (GUID) used within Windows Group Policy. 

“If we manage to find an unsafe file operation it performs, we can, presumably, reparse to another file using a file manipulation attack,” he notes. 

He goes on to explain the various ways a GPO can be linked to different resources – for example, to a local or remote computer, to a site, a domain, or an organizational unit. 

“It turns out that the value of this parameter determines where the local service will write it to the group policy. If you link a GPO to a machine, it will have the value C:ProgramDataMicrosoftGroup PolicyHistory{GUID}MachinePreferencesApplied-ObjectApplied-Object.xml.

SEE: Windows 10 2004: Microsoft warns of a new bug that makes connected displays go black

“However, if GPOLink has the value of GPLinkOrganizationalUnit, then it applies to every user and computer in the domain and GPSVC will copy the policies into a path that is accessible by the local user.”

Shimony details seven steps it takes to exploit the vulnerability to create files on arbitrary locations, including deleting and modifying system protect files.

  1. List the group policy GUIDs you have in C:UsersuserAppDataLocalMicrosoftGroup PolicyHistory.
  2. If you have multiple GUIDs, check which directory was updated recently.
  3. Go inside this directory and into the sub-directory, which is the user SID.
  4. Look at the latest modified directory; this will vary in your environment. In his case, it was the Printers.
  5. Delete the file, xml inside the Printers directory.
  6. Create an NTFS mount point to RPC Control + an Object Manager symlink with xml that points on C:WindowsSystem32whatever.dll.
  7. Open your favorite terminal and run gpupdate. 

Microsoft released the patch as part of this week’s monster Patch Tuesday update, a year after Shimony had reported the bug to the company. 

Microsoft immediately opened a case, according to Shimony, but the company took until January to confirm it would deliver a patch in Q2 2020 due to the complexity of the problem. 

Had Google Project Zero reported the flaw, it would have disclosed the bug 90 days after reporting it to Microsoft, which prefers coordinated disclosure rather than Google’s hard deadline.   

Credit: Zdnet

Previous Post

MSPs and MSSPs Can Increase Profit Margins With Cynet 360 Platform

Next Post

Qualitest Announces Global Launch of Qualisense

Related Posts

These four new hacking groups are targeting critical infrastructure, warns security company
Internet Security

These four new hacking groups are targeting critical infrastructure, warns security company

February 28, 2021
Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill
Internet Security

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

February 28, 2021
TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
Internet Security

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

February 28, 2021
Cybercrime groups are selling their hacking skills. Some countries are buying
Internet Security

Cybercrime groups are selling their hacking skills. Some countries are buying

February 28, 2021
Why would you ever trust Amazon’s Alexa after this?
Internet Security

Why would you ever trust Amazon’s Alexa after this?

February 28, 2021
Next Post
Qualitest Announces Global Launch of Qualisense

Qualitest Announces Global Launch of Qualisense

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

The Future of AI in Insurance
Data Science

The Future of AI in Insurance

March 1, 2021
Machine Learning as a Service (MLaaS) Market Analysis Technological Innovation by Leading Industry Experts and Forecast to 2028 – The Daily Chronicle
Machine Learning

Machine Learning as a Service (MLaaS) Market Global Sales, Revenue, Price and Gross Margin Forecast To 2028 – The Bisouv Network

March 1, 2021
AI And Automation In HR: The Changing Scenario Of The Business
Data Science

AI And Automation In HR: The Changing Scenario Of The Business

February 28, 2021
Machine learning could aid mental health diagnoses: Study
Machine Learning

Machine learning could aid mental health diagnoses: Study

February 28, 2021
Python vs R! Which one should you choose for data Science
Data Science

Python vs R! Which one should you choose for data Science

February 28, 2021
Can Java be used for machine learning and data science?
Machine Learning

Can Java be used for machine learning and data science?

February 28, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • The Future of AI in Insurance March 1, 2021
  • Machine Learning as a Service (MLaaS) Market Global Sales, Revenue, Price and Gross Margin Forecast To 2028 – The Bisouv Network March 1, 2021
  • AI And Automation In HR: The Changing Scenario Of The Business February 28, 2021
  • Machine learning could aid mental health diagnoses: Study February 28, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates