CVE-2024-28902: CWE-126: Buffer Over-read in Microsoft Windows 10 Version 1809

Severity: Medium
Tags: Vulnerability, CVE-2024-28902, cve, cve-2024-28902, cwe-126
Published: Tue Apr 09 2024 (04/09/2024, 17:00:20 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Windows Remote Access Connection Manager Information Disclosure Vulnerability

AI-Powered Analysis

Last updated: 06/26/2025, 05:29:38 UTC

Technical Analysis

CVE-2024-28902 is a medium-severity vulnerability in Microsoft Windows 10 Version 1809 (build 10.0.17763.0) affecting the Windows Remote Access Connection Manager component. It is classified as CWE-126: Buffer Over-read, which occurs when a program reads data beyond the boundaries of a buffer. The flaw can lead to information disclosure, as the Remote Access Connection Manager may inadvertently expose sensitive memory contents to an attacker.

The attack vector is local (AV:L), meaning the attacker must have local access to the affected system. Exploitation requires low privileges (PR:L), has low attack complexity (AC:L), and needs no user interaction (UI:N). The scope is unchanged (S:U), indicating the impact is limited to the vulnerable component without affecting other system components. The confidentiality impact is high (C:H), while integrity and availability impacts are none (I:N, A:N). The CVSS v3.1 base score is 5.5, reflecting a medium severity level.

No known exploits are currently reported in the wild, and no official patches have been linked yet. An attacker with local access and limited privileges could use this vulnerability to extract sensitive information from memory, potentially leading to further attacks or data leakage. Because Windows 10 Version 1809 is an older release, many organizations may have already migrated to newer versions, but legacy systems remain at risk. The absence of a user-interaction requirement increases the risk once an attacker gains local access, such as through compromised credentials or physical access.

Potential Impact

For European organizations, the primary impact of CVE-2024-28902 lies in potential information disclosure on legacy Windows 10 Version 1809 systems. Confidential data residing in memory could be exposed to unauthorized local users, including sensitive credentials, configuration data, or other protected information. This could facilitate privilege escalation or lateral movement within networks, especially in environments where older Windows 10 versions are still in use due to compatibility or operational constraints. Critical sectors such as finance, healthcare, and government agencies that maintain legacy infrastructure may face increased risk of data breaches or espionage. The vulnerability's local attack vector limits remote exploitation, but insider threats or attackers who have already gained limited access could leverage this flaw to deepen their foothold. The lack of impact on integrity and availability means system operations are unlikely to be disrupted directly, but confidentiality breaches could have regulatory and reputational consequences under GDPR and other data protection frameworks prevalent in Europe.

Mitigation Recommendations

1. Prioritize upgrading or migrating systems from Windows 10 Version 1809 to supported, up-to-date Windows versions where this vulnerability is not present.
2. Implement strict access controls and monitoring on systems running legacy Windows 10 versions to prevent unauthorized local access.
3. Employ endpoint detection and response (EDR) solutions to detect suspicious local activities that could indicate exploitation attempts.
4. Restrict use of Remote Access Connection Manager services where possible, or apply group policies to limit its exposure.
5. Conduct regular audits to identify and inventory devices still running Windows 10 Version 1809 to ensure focused remediation efforts.
6. Until patches are available, consider deploying application whitelisting and privilege management to reduce the risk of local attackers exploiting this vulnerability.
7. Educate staff about the risks of local access compromise and enforce strong physical security controls to prevent unauthorized device access.
8. Monitor official Microsoft channels for patch releases and apply updates promptly once available.

Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2024-03-13T01:26:53.025Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9837c4522896dcbeb282

Added to database: 5/21/2025, 9:09:11 AM

Last enriched: 6/26/2025, 5:29:38 AM

Last updated: 7/26/2025, 8:17:15 PM
