Windows design flaw allows disabling user group policies
a year ago
- #Windows Security
- #Group Policy Bypass
- #Microsoft
- Windows design flaw allows standard users to override group policies using a DLL file.
- The issue involves manipulating registry entries via the Offreg.dll file to bypass administrator-set policies.
- Microsoft considers this behavior expected and not a security boundary violation.
- Security researcher Stefan Kanthak demonstrated the exploit, which can bypass Office hardening and other policies.
- Recommended countermeasures include modifying NTFS access control entries to restrict user permissions.
- The flaw has reportedly existed for over 25 years and was previously reported to Microsoft, which called it 'expected behavior'.