CVE-2022-35767 is a high-severity remote code execution (RCE) vulnerability affecting Microsoft Windows 10 Version 1809, specifically targeting the Secure Socket Tunneling Protocol (SSTP) implementation. SSTP is a VPN tunneling protocol that encapsulates PPP traffic over HTTPS, commonly used to securely connect remote clients to corporate networks. The vulnerability is classified under CWE-94, indicating an improper control of code generation, which typically allows attackers to execute arbitrary code. The CVSS v3.1 base score is 8.1, reflecting a high impact with network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), and no user interaction (UI:N). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). This means an unauthenticated attacker can remotely exploit the vulnerability over the network without user interaction, potentially executing arbitrary code with system-level privileges. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk due to its ease of exploitation and potential impact. The affected version is Windows 10 1809 (build 10.0.17763.0), which is an older but still in-use version in some environments. No official patch links are provided in the data, but Microsoft typically addresses such vulnerabilities in security updates. The vulnerability could allow attackers to compromise affected systems, leading to full system takeover, data theft, or disruption of services relying on SSTP VPN connectivity.

For European organizations, this vulnerability presents a critical risk especially for enterprises and government agencies relying on Windows 10 Version 1809 for remote access via SSTP VPNs. Exploitation could lead to unauthorized access to internal networks, data breaches, and disruption of business operations. Given the high confidentiality, integrity, and availability impact, attackers could exfiltrate sensitive data, deploy malware or ransomware, and disrupt critical services. Organizations in sectors such as finance, healthcare, public administration, and critical infrastructure are particularly at risk due to their reliance on secure remote connectivity and the sensitive nature of their data. The lack of required privileges or user interaction lowers the barrier for attackers, increasing the likelihood of successful exploitation if systems remain unpatched. Additionally, the persistence of legacy Windows 10 1809 installations in some European enterprises and public sector environments increases exposure. The absence of known exploits in the wild currently provides a window for mitigation, but the potential for rapid weaponization remains high.

European organizations should prioritize the following specific mitigation steps: 1) Identify and inventory all systems running Windows 10 Version 1809, focusing on those using SSTP VPN services. 2) Apply the latest Microsoft security updates addressing CVE-2022-35767 as soon as they become available; if no patch is yet released, consider temporary workarounds such as disabling SSTP VPN services or restricting SSTP traffic via network controls. 3) Implement network segmentation to isolate VPN gateways and limit lateral movement in case of compromise. 4) Employ intrusion detection and prevention systems (IDS/IPS) with updated signatures to detect anomalous SSTP traffic or exploitation attempts. 5) Enforce strict access controls and multi-factor authentication (MFA) on VPN access to reduce risk from compromised credentials. 6) Monitor logs for unusual SSTP connection attempts or errors indicative of exploitation attempts. 7) Plan for upgrading legacy Windows 10 1809 systems to supported versions with ongoing security updates to reduce exposure to similar vulnerabilities. 8) Conduct user awareness training focused on recognizing potential signs of VPN compromise and reporting incidents promptly.