CVE-2024-26255: CWE-126: Buffer Over-read in Microsoft Windows 10 Version 1809
Windows Remote Access Connection Manager Information Disclosure Vulnerability
AI Analysis
Technical Summary
CVE-2024-26255 is a medium-severity vulnerability identified in Microsoft Windows 10 Version 1809 (build 10.0.17763.0), specifically affecting the Windows Remote Access Connection Manager component. The vulnerability is classified as a CWE-126: Buffer Over-read, which occurs when a program reads data beyond the boundaries of a buffer. This can lead to information disclosure as the attacker may gain access to sensitive memory contents that should not be accessible. The vulnerability does not allow for modification of data or denial of service but impacts confidentiality by potentially exposing sensitive information. The CVSS 3.1 base score is 5.5, reflecting a medium severity level. The attack vector is local (AV:L), meaning the attacker must have local access to the system. The attack complexity is low (AC:L), requiring low skill to exploit once local access is obtained. Privileges required are low (PR:L), indicating that an attacker with limited user privileges can exploit the vulnerability. No user interaction is needed (UI:N), and the scope is unchanged (S:U), meaning the vulnerability affects only the vulnerable component without impacting other system components. There are no known exploits in the wild at the time of publication, and no patches have been linked yet. The vulnerability was reserved in February 2024 and published in April 2024. The Remote Access Connection Manager is responsible for managing dial-up and VPN connections, which are commonly used in enterprise environments for remote connectivity. The buffer over-read could allow an attacker with local access to extract sensitive information from memory, potentially including credentials or other confidential data related to remote access sessions.
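The CWE-126 pattern described above, shown as an added illustration that is not code from RasMan, from Microsoft, or from this advisory: a parser trusts a length field carried inside the message and copies that many bytes, so a claimed length larger than the bytes actually received makes the copy run past the end of the message into whatever sits next to it in memory. The message layout, the length byte, the "SECRET-TOKEN" marker and the adjacent bytes are all constructed for the demonstration; the hardened variant simply bounds the copy by the received length and rejects the message otherwise.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample input (not a real RasMan message format): a 16-byte
 * message whose first byte claims the length of the field that follows,
 * placed directly in front of 16 bytes of unrelated data that stand in for
 * whatever happens to sit next to the buffer in memory. */
#define MSG_LEN 16
#define ADJ_LEN 16
#define OUT_LEN 64

static const unsigned char g_mem[MSG_LEN + ADJ_LEN] = {
    /* message: claimed field length 0x1f (31), then a 15-byte payload */
    0x1f, 'h', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!', 0, 0, 0,
    /* adjacent data the parser was never meant to return */
    'S', 'E', 'C', 'R', 'E', 'T', '-', 'T', 'O', 'K', 'E', 'N', '-', '4', '2', '!'
};

/* Vulnerable pattern (CWE-126): the copy length comes from the message itself
 * and is bounded only by the destination size, never by the bytes actually
 * received, so a claimed length larger than the message reads past its end. */
static size_t copy_field_unchecked(const unsigned char *msg, size_t msg_len,
                                   unsigned char *out, size_t out_len)
{
    (void)msg_len;                      /* the defect: received length is ignored */
    size_t claimed = msg[0];
    if (claimed > out_len)
        claimed = out_len;              /* prevents a write overflow, not the over-read */
    memcpy(out, msg + 1, claimed);
    return claimed;
}

/* Hardened version: the claimed length must fit inside the bytes received
 * (minus the length byte) and inside the destination, or the message is rejected. */
static int copy_field_checked(const unsigned char *msg, size_t msg_len,
                              unsigned char *out, size_t out_len, size_t *copied)
{
    if (msg_len < 1)
        return -1;
    size_t claimed = msg[0];
    if (claimed > msg_len - 1 || claimed > out_len)
        return -1;
    memcpy(out, msg + 1, claimed);
    *copied = claimed;
    return 0;
}

/* Helper: does buf[0..len) contain the byte string needle? */
static int contains(const unsigned char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Returns 1 if the unchecked parser copies the adjacent bytes into its output. */
int unchecked_leaks_adjacent_bytes(void)
{
    unsigned char out[OUT_LEN] = {0};
    size_t n = copy_field_unchecked(g_mem, MSG_LEN, out, sizeof out);
    return contains(out, n, "SECRET-TOKEN");
}

/* Returns 1 if the checked parser rejects the same oversized length claim. */
int checked_rejects_oversized_length(void)
{
    unsigned char out[OUT_LEN] = {0};
    size_t n = 0;
    return copy_field_checked(g_mem, MSG_LEN, out, sizeof out, &n) == -1 && n == 0;
}

/* Returns the number of bytes copied for a well-formed message (12 here). */
size_t checked_accepts_valid_length(void)
{
    unsigned char msg[MSG_LEN];
    memcpy(msg, g_mem, MSG_LEN);
    msg[0] = 12;                        /* claimed length now matches "hello world!" */
    unsigned char out[OUT_LEN] = {0};
    size_t n = 0;
    if (copy_field_checked(msg, MSG_LEN, out, sizeof out, &n) != 0)
        return 0;
    return (memcmp(out, "hello world!", 12) == 0) ? n : 0;
}

int main(void)
{
    printf("unchecked parser leaks adjacent bytes: %d\n", unchecked_leaks_adjacent_bytes());
    printf("checked parser rejects oversized length: %d\n", checked_rejects_oversized_length());
    printf("checked parser copies %zu bytes of a valid field\n", checked_accepts_valid_length());
    return 0;
}
```

The over-read here is deliberately kept inside one larger array so the demonstration runs without undefined behaviour; in a real process the bytes past the message would be whatever the allocator placed there, which is exactly why this weakness class is an information-disclosure rather than a memory-corruption problem. The only change the fix needs is the comparison of the claimed length against the received length before the copy.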
Potential Impact
For European organizations, especially those relying on Windows 10 Version 1809 in their enterprise environments, this vulnerability poses a risk to confidentiality. Since the vulnerability requires local access and low privileges, it could be exploited by insider threats or attackers who have gained limited access through other means. The exposure of sensitive information related to remote access connections could facilitate further attacks, such as credential theft or lateral movement within networks. Organizations in sectors with high reliance on VPNs and remote access—such as finance, government, healthcare, and critical infrastructure—may face increased risk. The lack of known exploits reduces immediate threat but does not eliminate the risk, especially if attackers develop exploits. The absence of a patch increases exposure duration. Given that Windows 10 Version 1809 is an older release, some organizations may still be using it due to legacy application dependencies, increasing the affected population. Confidentiality breaches could lead to regulatory penalties under GDPR if personal data is exposed. The vulnerability does not impact system integrity or availability directly, so operational disruption is unlikely from this issue alone.
Mitigation Recommendations
1. Upgrade or patch: Organizations should prioritize upgrading from Windows 10 Version 1809 to a more recent, supported Windows version where this vulnerability is addressed. If patches become available, they should be applied promptly.
2. Restrict local access: Limit local user access to systems running Windows 10 Version 1809, especially those with Remote Access Connection Manager enabled. Implement strict access controls and monitor for unauthorized access attempts.
3. Use endpoint detection and response (EDR): Deploy EDR solutions capable of detecting anomalous local activities that could indicate attempts to exploit buffer over-read vulnerabilities or memory disclosure.
4. Harden remote access configurations: Review and tighten VPN and dial-up connection settings to minimize exposure, including disabling unused remote access features and enforcing strong authentication mechanisms.
5. Monitor logs: Enable detailed logging of remote access connection events and local user activities to detect suspicious behavior early.
6. Educate users and administrators: Raise awareness about the risks of local privilege escalation and insider threats, emphasizing the importance of maintaining updated systems.
7. Network segmentation: Isolate critical systems and limit lateral movement opportunities for attackers who gain local access.
8. Implement least privilege: Ensure users operate with the minimum privileges necessary to reduce exploitation potential.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2024-02-15T00:57:49.363Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9836c4522896dcbeb225
Added to database: 5/21/2025, 9:09:10 AM
Last enriched: 6/26/2025, 5:44:59 AM
Last updated: 8/15/2025, 6:48:09 PM