Microsoft fixed 129 vulnerabilities today across its entire range of software products, from Windows and Office to Visual Studio, Azure DevOps and Microsoft Apps for Android. Eleven of those flaws are critical and should be patched immediately, but one particular vulnerability could be easily overlooked and could allow hackers with local access to take full control of enterprise Windows systems.
The issue, tracked as CVE-2020-1317, affects one of the most basic mechanisms for centrally managing the settings of Windows computers and users in Active Directory environments: Group Policy.