Microsoft closes leak in Windows group policy that allows raising permissions

Microsoft has patched a vulnerability in Windows Group Policy functionality. This made it possible to increase rights and thus take over vulnerable systems. The patch is part of a series of fixes that Microsoft released Tuesday.

The vulnerability affects Windows systems from Server 2008, affecting millions of systems, according to security firm CyberArk. The leak was reported to Microsoft in June 2019. In September last year, Microsoft confirmed the vulnerability. Microsoft then announced to the security company that developing a patch was complex. On Tuesday, Microsoft released that patch anyway. The vulnerability has been designated CVE-2020-1317.

The vulnerability relates to the Group Policy Client service, or gpsvc. This service requires administrator rights to function and check for Group Policy updates. A file manipulation attack when running gpupdate.exe allows a user to gain elevated privileges, making all Windows machines in a domain susceptible to an escalation or privilege attack. According to Microsoft, an attacker must first log in to a vulnerable system and then run a specially crafted program.

The fix is ​​part of Microsoft’s June 2020 Patch Tuesday, which fixes a total of 129 vulnerabilities in its products. This does not include zero-day vulnerabilities. However, 11 leaks have been marked as critical, 109 as important, 7 as medium and 2 as low.

One of the critical vulnerabilities allowed arbitrary code execution on vulnerable systems through memory corruption. This was possible thanks to the way in which Microsoft browsers within Windows access objects in memory. There was also a critical VBScript vulnerability.

Microsoft is making available cumulative updates for the various Windows versions, including KB4557957 for Windows 10 version 2004, or the May 2020 Update. The update for the latest version of Windows 10 includes security and stability improvements, including for Edge, the Xbox app, and the Microsoft Store.