A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Group Policy receives and applies policy data when a domain-joined system connects to a domain controller. An attacker can exploit this vulnerability by convincing a victim with a domain-configured system to connect to an attacker-controlled network.