Microsoft quietly released a security update at the end of last month for its oldest Windows 10. The update is intended to fix a vulnerability that could lead to a Local Privilege Escalation (LPE) flaw. This could occur by exploiting a Group Policy vulnerability. This flaw is can only be exploited on the oldest version of Windows 10. This security fix is specifically targeted at Windows 10, version 1507, and Windows Server 2016. If the Group Policy security vulnerability is successfully exploited, it could lead to privilege escalation.
What is Group Policy vulnerability?
Group Policy, a feature of Microsoft Windows, is a set of rules that control the working environment of user accounts and computer accounts. While Group Policy is a powerful tool for managing and securing a Windows environment, it can also be vulnerable to exploitation if not properly configured. One common vulnerability is the improper application of Group Policy settings, which can lead to security gaps and non-compliance with organizational security standards. For example, misconfigured Group Policy settings may result in weak password policies, lack of account lockout settings, or inadequate user privilege assignments, opening the door to unauthorized access and other security risks.
Another vulnerability is the potential for Group Policy settings to be overridden or tampered with by users with local administrative privileges. This can lead to unauthorized changes in security configurations, software installations, or other system settings, compromising the overall security posture of the network.
To mitigate these vulnerabilities, it is essential to follow best practices for Group Policy management, such as regular security reviews, testing of policy changes in a lab environment before deployment, and restricting local administrative privileges. Additionally, organizations should consider implementing continuous monitoring and auditing of Group Policy settings to detect and respond to any unauthorized changes promptly.
The KB5035238 Update
The patch is deployed via an update to Windows Server 2016’s Remote Server Administration Tools (RSAT). This is a tool used by IT and system administrators to remotely manage servers from a Windows 10 PC (in this case). This security vulnerability has a basic score of 7.0 and a time score of 6.1 in CVSS (Common Vulnerability Scoring System), and is tracked as “CVE-2024-20657”.
A security vulnerability with a basic score of 7.0 means that it has a high severity level. The Common Vulnerability Scoring System (CVSS) provides a numerical representation of the severity of an information security vulnerability, with scores ranging from 0 to 10. A score of 7.0-8.9 is considered high, while a score of 9.0-10.0 is considered critical.
With regards to the new update, Microsoft said in a support document
KB5035238: Security update for Windows 10, version 1507 and Windows Server 2016 for RSAT: January 31, 2024
Summary
This article describes a security update for Windows 10, version 1507 and Windows Server 2016 for Remote Server Administration Tools (RSAT). This update resolves the security issues that are described in the following article:
Gizchina News of the week
CVE-2024-20657 | Windows Group Policy Elevation of Privilege Vulnerability
This update is installed automatically through Windows Update. However, users can also manually download and install it from the Microsoft Update Catalog website. The update is also available from the Microsoft Download Center website through RSAT Updates. The installation file size of the 64-bit version is 54.2 MB. Also, the installation file size of the 32-bit version is 33 MB. Users can install it by downloading it from the Download Center.
Significance of the Update
The release of the KB5035238 update is significant as it demonstrates Microsoft’s commitment to addressing security vulnerabilities in older versions of its operating system. Newer versions of Windows 10 are more commonly used. However, it is important to provide security updates for older iterations to protect older users. These are users who are yet to upgrade to the latest versions. They deserves to be protected from potential threats. By releasing this update, Microsoft aims to safeguard systems running Windows 10, version 1507, and Windows Server 2016 from the identified privilege escalation vulnerability.
Impact on Users
For users running the affected versions of Windows 10 and Windows Server 2016, it is recommended to install the KB5035238 update as soon as possible to mitigate the risk of exploitation. Keeping systems up to date with the latest security patches is a fundamental practice in maintaining a secure computing environment. By applying this update, users can protect their systems from the specific vulnerability addressed by KB5035238. They will also reduce the likelihood of unauthorized privilege escalation.
Final Words
In conclusion, Microsoft’s release of the security update, KB5035238, underscores the critical importance of addressing vulnerabilities. It enhances the overall security posture of Windows operating systems. The significance of this update lies in its focus on older versions of Windows 10 and Windows Server 2016. It ensures that users who rely on these iterations receive necessary security patches to counter evolving threats. Microsoft enables IT administrators to remotely manage servers while fortifying system integrity against potential risks. It does this by providing a comprehensive solution through the Remote Server Administration Tools (RSAT),
The high severity level of the CVE-2024-20657 vulnerability, as indicated by its CVSS score, underscores the urgency. This means that users have to promptly install the KB5035238 update. Microsoft facilitates seamless integration of the patch into existing systems. It achieves this through automated deployment via Windows Update and manual installation options. Therefore, the company is able to mitigate the risk of privilege escalation and enhances the overall system resilience.
Author Bio
Efe Udin is a seasoned tech writer with over seven years of experience. He covers a wide range of topics in the tech industry from industry politics to mobile phone performance. From mobile phones to tablets, Efe has also kept a keen eye on the latest advancements and trends. He provides insightful analysis and reviews to inform and educate readers. Efe is very passionate about tech and covers interesting stories as well as offers solutions where possible.