Understanding Group Policy Privilege Escalation in CVE-2020-1317

Understanding Group Policy Privilege Escalation in CVE-2020-1317

Last month, Microsoft released an advisory for CVE-2020-1317 which describes a privilege escalation vulnerability in Group Policy. This was further detailed by the discoverer of the vulnerability on the Cyberark website. The nature of this issue is interesting and worth understanding. For years, Group Policy has had this dichotomy built into its design. Namely, the need to …