Group Policy Preference Password Elevation of Privilege Vulnerability
Option 1: Patch the Host
Microsoft released a patch, KB2928120, addressing this vulnerability. To install it, download the patch from the MS14-025 Security Bulletin for the corresponding host operating system.
Option 2: Remove Old or Unused Policies
Even if the correct patch has been applied, old policies that contained passwords will still need to be removed. To remove the policies identified in the weakness:
1. In Group Policy Management console, open the policy that contains
2. Change the action to Delete or Disable, as applicable to the preference.
3. Click OK to save your changes.
4. Wait for one or two Group Policy refresh cycles to allow changes to propagate to clients.
5. After changes are applied on all clients, delete the preference.
6. Repeat steps 1 through 5 as needed to clean your whole environment. When the detection script returns zero results, you are finished.
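
The procedure above ends when a detection script returns zero results, but the page does not include that script. The following is an added example of such a check in Python, not Microsoft's script and not code from this page. It assumes a readable copy of the SYSVOL Policies folder and that the `action` attribute sits on the same element as `cpassword`; the function names, the GPO folder name and the sample values are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

def find_cpassword(policies_root):
    """Return one finding per preference item that still stores a cpassword."""
    findings = []
    for folder, _dirs, files in os.walk(policies_root):
        for fname in files:
            if not fname.lower().endswith(".xml"):
                continue
            path = os.path.join(folder, fname)
            try:
                root = ET.parse(path).getroot()
            except (ET.ParseError, OSError):
                # Fail closed: an unreadable file needs a manual look.
                findings.append({"file": path, "item": None, "action": None})
                continue
            parent = {child: p for p in root.iter() for child in p}
            for el in root.iter():
                attrs = {k.lower(): v for k, v in el.attrib.items()}
                if not attrs.get("cpassword"):
                    continue  # attribute absent or empty: nothing stored
                owner = parent.get(el, el)
                # Report where it is, never the stored value itself.
                findings.append({"file": path, "item": owner.get("name"),
                                 "action": attrs.get("action")})
    return findings

def build_sample(root):
    """Constructed sample tree; the GUID and attribute values are placeholders."""
    base = os.path.join(root, "Policies", "{CONSTRUCTED-GPO-GUID}", "Machine", "Preferences")
    samples = {
        "Groups/Groups.xml": '<Groups><User name="LocalAdmin"><Properties action="U" '
                             'userName="LocalAdmin" cpassword="CONSTRUCTED-PLACEHOLDER"/></User></Groups>',
        "Drives/Drives.xml": '<Drives><Drive name="S:"><Properties action="U" '
                             'path="X" cpassword=""/></Drive></Drives>',
    }
    for rel, xml in samples.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(xml)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in find_cpassword(tmp):
            print(finding)
```

An empty list from `find_cpassword` corresponds to the "zero results" condition in step 6; the `action` field shows whether an item has already been switched to Delete as in step 2.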