Researchers from Core Security were able to exploit a security vulnerability in Windows’ group policy — MS15-011 — that was patched by Microsoft in February.

This vulnerability affects all Windows versions since Windows Server 2008. Windows administrators can remotely manage all of the Windows devices on a network through the Group Policy feature.

Addressing the GPO vulnerability required Microsoft to correct how Group Policy checks access which was probably not an easy thing considering it’s a fundamental mechanism for Windows management.

Microsoft's August 2025 Patch Tuesday fixes 107 CVEs, including a critical Windows Kerberos zero-day and remote code ...

Microsoft blocked code signing certificates predominantly used by Chinese hackers and developers to sign and load malicious kernel mode drivers on breached systems by exploiting a Windows policy ...

According to Microsoft, the bug exists because Group Policy improperly checks access in Windows, allowing an attacker who exploited the vulnerability to run processes in an elevated context.