CVE-2015-0009

Description

The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka Group Policy Security Feature Bypass Vulnerability.

Risk Information

Base Score: 3.7 (MODERATE)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score (Exploitation Probability): 1.772

Associated Vulnerability

Vulnerability | OS Platform
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows Server 2003 (KB3004361) | Windows
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows Vista (KB3004361) | Windows
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows Server 2008 (KB3004361) | Windows
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows 7 (KB3004361) | Windows
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows 8 (KB3004361) | Windows
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows 8.1 (KB3004361) | Windows
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows Server 2003 x64 Edition (KB3004361) | Windows
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows Vista for x64-based Systems (KB3004361) | Windows
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows Server 2008 x64 Edition (KB3004361) | Windows
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows 7 for x64-based Systems (KB3004361) | Windows
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows Server 2008 R2 x64 Edition (KB3004361) | Windows
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows 8 for x64-based Systems (KB3004361) | Windows
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows Server 2012 (KB3004361) | Windows
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows 8.1 for x64-based Systems (KB3004361) | Windows
MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015 for Windows Server 2012 R2 (KB3004361) | Windows

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-17031 | Security Update for Windows Server 2003 (KB3004361)
PATCH-17032 | Security Update for Windows Vista (KB3004361)
PATCH-17033 | Security Update for Windows Server 2008 (KB3004361)
PATCH-17034 | Security Update for Windows 7 (KB3004361)
PATCH-17035 | Security Update for Windows 8 (KB3004361)
PATCH-17036 | Security Update for Windows 8.1 (KB3004361)
PATCH-17037 | Security Update for Windows Server 2003 x64 Edition (KB3004361)
PATCH-17038 | Security Update for Windows Vista for x64-based Systems (KB3004361)
PATCH-17039 | Security Update for Windows Server 2008 x64 Edition (KB3004361)
PATCH-17040 | Security Update for Windows 7 for x64-based Systems (KB3004361)
PATCH-17041 | Security Update for Windows Server 2008 R2 x64 Edition (KB3004361)
PATCH-17042 | Security Update for Windows 8 for x64-based Systems (KB3004361)
PATCH-17043 | Security Update for Windows Server 2012 (KB3004361)
PATCH-17044 | Security Update for Windows 8.1 for x64-based Systems (KB3004361)
PATCH-17045 | Security Update for Windows Server 2012 R2 (KB3004361)
