Israeli CyberArk company has released a new research that points at a decade-old vulnerability in the Windows Group Policy Object (GPO) software, according to a press release by the company.
As a basic Windows feature, practically every organization uses GPO to set policies for all types of machines, from printers to backup devices, according to the press release.
In order to function properly, the software must interact with numerous network components, making it a major stress point and an ideal target for attackers trying to gain a foothold within an organization.
The vulnerability discovered by CyberArk is thus a game changer for hackers seeking to lunch an undetected attack, as they can exploit the GPO system to gain access to the authorized users of an organization, allowing privileged access to critical systems and potentially undetected, devastating attacks affecting the entire network.
The scale of this discovered threat is huge, considering this vulnerability impacts any Windows machine built after 2008, meaning hundreds of millions of machines could be affected if not properly updated, the press release noted.
CyberArk was established in Israel in 1999 by current CEO Udi Mokady and was designated as an information security company, dealing mostly with financial, energy, retail and healthcare services as well as government markets. Headquartered in Petah Tikva, Israel, the company has US headquarters in Newton, Massachusetts, as well.
Shortly after CyberArk's discovery was made public, Microsoft released a patch update meant to solve the issue.