CVE-2014-1812

HIGH KEV RANSOMWARE

Microsoft Windows - Privilege Escalation

Title source: llm

Description

The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability."

Exploits (2)

nomisec WORKING POC
by mauricelambert · poc
https://github.com/mauricelambert/gpp-encrypt
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_enum_gpp.rb

References (3)

Scores

CVSS v3 8.8
EPSS 0.8026
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2021-11-03
VulnCheck KEV 2014-05-13
InTheWild.io 2019-05-13
ENISA EUVD EUVD-2014-1886
Ransomware Use Confirmed

Classification

CWE
CWE-522 CWE-255
Status draft

Affected Products (9)

microsoft/windows_7
microsoft/windows_8
microsoft/windows_8.1
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2012
microsoft/windows_server_2012
microsoft/windows_vista

Timeline

Published May 14, 2014
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026