Home » News » Insecurely stored passwords in Group Policy Preferences can be Decrypted

Dated: August 7, 2015

It has been found out that insecurely stored passwords in the Group policy preferences can be exploited because Microsoft Security Bulletin MS14-025 [1] is not properly implemented. Windows systems would still be vulnerable if administrators don’t erase all stored passwords from their systems because an attacker can decrypt these credentials for malicious purposes.

NUST CSIRT encourage users and administrators to employ the PowerShell script [2] provided by Microsoft and follow the instructions to clear all CPassword preferences from their environment.

[1]. http://technet.microsoft.com/library/security/ms14-025
[2]. http://support.microsoft.com/en-us/kb/2962486

Subscribe To Alerts

Email *

Opera Mobile Store