Published: 11/02/2015 Updated: 29/10/2019

CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5

VMScore: 335

Vector: AV:A/AC:L/Au:N/C:N/I:P/A:N

The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle malicious users to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows 8.1 -
microsoft windows server 2003 -
microsoft windows 8 -
microsoft windows rt -
microsoft windows server 2008 r2
microsoft windows server 2008 -
microsoft windows rt 8.1 -
microsoft windows 7 -
microsoft windows vista -

# Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass # Date: 2019-10-28 # Exploit Author: Thomas Zuk # Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, # Windows 8, Windows Server 2012, Windows RT, Windows 81, Windows Server 2012 R2, and Windows RT 81 # Tested ...

Microsoft Windows Server 2012 suffers from a Group Policy security feature bypass vulnerability ...

Useful scripts

Scripts I will be putting fixed, modified or created scripts here that are not necessarily part of a project ssh-check-usernamepy Original: bugfuzzcom/stuff/ssh-check-usernamepy I had an issue running this script with the current Kali The problem is with changes to paramiko See: paramiko/paramiko#1314 The solution is to replace instances of the text '_handle

CWE-254 http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx http://www.securitytracker.com/id/1031722 http://www.securityfocus.com/bid/72476 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-014 http://packetstormsecurity.com/files/155007/Microsoft-Windows-Server-2012-Group-Policy-Security-Feature-Bypass.html https://nvd.nist.gov https://github.com/rtaylor777/scripts https://www.exploit-db.com/exploits/47559

CVE-2015-0009

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect