CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: May 3, 2022
Description
Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.
EPSS — Exploit Probability
80.3%
Higher than 99.1% of all CVEs
Required Action
https://nvd.nist.gov/vuln/detail/CVE-2014-1812
Risk Assessment
CRITICALIn CISA KEV
High EPSS
Ransomware
Details
- Severity
- High
- EPSS
- 80.3%
- CISA KEV
- Yes
- Ransomware
- Known
- Articles
- 0
Timeline
Published
Nov 3, 2021
Added to KEV
Nov 3, 2021
Remediation Due
May 3, 2022