⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-05-03.

CVE-2014-1812Insufficiently Protected Credentials in Microsoft Windows Server 2008

CWE-255CWE-522Insufficiently Protected Credentials15 documents10 sources
Severity
8.8HIGHNVD
EPSS
83.1%
top 0.74%
CISA KEV
KEVRansomware
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Microsoft Windows Server 2008Microsoft Windows Server 2012
Timeline
PublishedMay 14
KEV addedNov 3
KEV dueMay 3
Latest updateFeb 2
CISA Required Action: Apply updates per vendor instructions.

Description

The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-cm2m-vv5g-hpc2: The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 82022-05-14
VulnCheck
Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability2014

💥Exploits & PoCs

2
Exploit-DB
Chkrootkit 0.49 - Local Privilege Escalation2014-06-28
Metasploit
SMB Group Policy Preference Saved Passwords Enumeration

📋Vendor Advisories

1
CISA
Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability2021-11-03

🕵️Threat Intelligence

9
Greynoiseio
The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates2026-02-02
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys2022-02-23
Qualys
Qualys Security Advisory: SolarWinds / FireEye | Qualys2020-12-22
Qualys
Qualys Security Advisory: SolarWinds / FireEye2020-12-22
Unit42
Threat Brief: FireEye Red Team Tool Breach2020-12-11