CVE-2014-1812

HIGH KEV RANSOMWARE

Microsoft Windows - Privilege Escalation

Title source: llm
STIX 2.1

Description

The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability."

Exploits (2)

nomisec WORKING POC
by mauricelambert · poc
https://github.com/mauricelambert/gpp-encrypt
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_enum_gpp.rb

References (3)

Core 3

Scores

CVSS v3 8.8
EPSS 0.8376
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2021-11-03
VulnCheck KEV 2014-05-13
InTheWild.io 2019-05-13
ENISA EUVD EUVD-2014-1886
Ransomware Use Confirmed
CWE
CWE-255 CWE-522
Status published
Products (8)
microsoft/windows_7
microsoft/windows_8
microsoft/windows_8.1
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1 (2 CPE variants)
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
microsoft/windows_vista
Published May 14, 2014
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026