Categories: US-Cert-Repository

Required Group Policy Preference Actions for Microsoft Security Bulletin MS14-025

Original release date: August 07, 2015

US-CERT is aware of continued exploitation of insecurely stored passwords in Group Policy Preferences, due to incomplete implementations of Microsoft Security Bulletin MS14-025. Systems may still be vulnerable to exploitation if administrators have not cleared all previously stored passwords from their environment. An attacker may decrypt these passwords and use them to gain escalated privileges.

US-CERT strongly recommends that administrators employ the PowerShell script provided in Microsoft  Knowledge Base Article 2962486 and follow the included instructions for clearing all “CPassword” preferences from their environment.

This product is provided subject to this Notification and this Privacy & Use policy.

admin

Leave a Comment
Share
Published by
admin
10 years ago

Recent Posts

CISA Adds One Known Exploited Vulnerability to Catalog

 CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

15 hours ago

Updated Guidance on Play Ransomware

CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security…

2 days ago

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

3 days ago

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of…

4 days ago

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems (ICS) advisories on May 29, 2025. These advisories provide…

1 week ago

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems (ICS) advisory on May 27, 2025. These advisories provide…

1 week ago

This website uses cookies.