How an attacker can misuse the Group Policy vulnerability

Group Policy settings are stored on Windows systems as Group Policy Objects (GPOs), and the domain admin can distribute them over the network from the domain controller. Group Policy updates are not instant, however, and generally take some time to propagate over a network, which is why Windows includes a tool called GPUpdate.exe that users can run to request GPO updates from the domain controller instead of waiting for them. "Strangely enough, a Group Policy update can be requested physically by a local non-privileged user," the CyberArk security researchers said in a blog entry. "In this way, if you figure out how to discover a bug in the Group Policy update process, you can trigger it yourself whenever you need to - making a potential attack simpler." Group Policy updates are handled by a service called GPSVC that runs under the svchost.exe process, which hosts many services in Windows. True to for