Home » News » Insecurely stored passwords in Group Policy Preferences can be Decrypted

Dated: August 7, 2015

Description
It has been found out that insecurely stored passwords in the Group policy preferences can be exploited because Microsoft Security Bulletin MS14-025 [1] is not properly implemented. Windows systems would still be vulnerable if administrators don’t erase all stored passwords from their systems because an attacker can decrypt these credentials for malicious purposes.

Recommendations
NUST CSIRT encourage users and administrators to employ the PowerShell script [2] provided by Microsoft and follow the instructions to clear all CPassword preferences from their environment.

References
[1]. http://technet.microsoft.com/library/security/ms14-025
[2]. http://support.microsoft.com/en-us/kb/2962486