CVE-2026-20843: CWE-284: Improper Access Control in Microsoft Windows 10 Version 1809
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
AI Analysis
Technical Summary
CVE-2026-20843 is a vulnerability classified under CWE-284 (Improper Access Control) affecting Microsoft Windows 10 Version 1809, specifically the Routing and Remote Access Service (RRAS). RRAS is a Windows component that provides routing and remote access capabilities, often used in enterprise environments to manage VPNs, dial-up connections, and routing protocols. The vulnerability allows an attacker who already has authorized local access to the system to escalate their privileges, potentially gaining SYSTEM-level rights. This elevation of privilege can lead to full control over the affected system, enabling the attacker to execute arbitrary code, install malware, or manipulate system configurations. The CVSS 3.1 base score is 7.8, indicating a high severity level. The attack vector is local (AV:L), requiring low attack complexity (AC:L) and privileges (PR:L), but no user interaction (UI:N). The scope remains unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). No known exploits have been reported in the wild, and no official patches have been linked yet, though the vulnerability has been publicly disclosed. The vulnerability's presence in an older Windows 10 version (1809) means that systems not updated or migrated to newer versions remain vulnerable. Organizations relying on RRAS for network services are particularly at risk, as attackers with local access could leverage this flaw to gain elevated privileges and compromise critical systems.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially in sectors such as government, finance, healthcare, and critical infrastructure where Windows 10 Version 1809 is still in use and RRAS is deployed. Successful exploitation could lead to full system compromise, data breaches, disruption of network services, and lateral movement within corporate networks. The ability to escalate privileges locally means that even users with limited access could gain administrative control, increasing the threat from insider attacks or compromised user accounts. Given the high impact on confidentiality, integrity, and availability, organizations could face operational downtime, regulatory penalties under GDPR for data breaches, and reputational damage. The lack of a patch at the time of disclosure increases the window of exposure, necessitating immediate mitigation efforts. Additionally, the vulnerability could be leveraged as a foothold in multi-stage attacks targeting European enterprises, amplifying its potential impact.
Mitigation Recommendations
1. Restrict local access to systems running Windows 10 Version 1809, especially those with RRAS enabled, limiting it to trusted administrators only. 2. Disable the Routing and Remote Access Service on systems where it is not required to reduce the attack surface. 3. Implement strict access controls and monitoring on endpoints to detect unusual privilege escalation attempts. 4. Employ application whitelisting and endpoint detection and response (EDR) solutions to identify and block suspicious activities. 5. Regularly audit user privileges and remove unnecessary local accounts or rights that could be exploited. 6. Plan and execute an upgrade or migration to a supported and patched Windows version that addresses this vulnerability. 7. Monitor security advisories from Microsoft for the release of official patches and apply them promptly once available. 8. Use network segmentation to isolate critical systems and limit the potential spread of an attacker who gains elevated privileges. 9. Educate IT staff about the risks associated with RRAS and the importance of minimizing its use unless absolutely necessary.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
CVE-2026-20843: CWE-284: Improper Access Control in Microsoft Windows 10 Version 1809
Description
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
AI-Powered Analysis
Technical Analysis
CVE-2026-20843 is a vulnerability classified under CWE-284 (Improper Access Control) affecting Microsoft Windows 10 Version 1809, specifically the Routing and Remote Access Service (RRAS). RRAS is a Windows component that provides routing and remote access capabilities, often used in enterprise environments to manage VPNs, dial-up connections, and routing protocols. The vulnerability allows an attacker who already has authorized local access to the system to escalate their privileges, potentially gaining SYSTEM-level rights. This elevation of privilege can lead to full control over the affected system, enabling the attacker to execute arbitrary code, install malware, or manipulate system configurations. The CVSS 3.1 base score is 7.8, indicating a high severity level. The attack vector is local (AV:L), requiring low attack complexity (AC:L) and privileges (PR:L), but no user interaction (UI:N). The scope remains unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). No known exploits have been reported in the wild, and no official patches have been linked yet, though the vulnerability has been publicly disclosed. The vulnerability's presence in an older Windows 10 version (1809) means that systems not updated or migrated to newer versions remain vulnerable. Organizations relying on RRAS for network services are particularly at risk, as attackers with local access could leverage this flaw to gain elevated privileges and compromise critical systems.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially in sectors such as government, finance, healthcare, and critical infrastructure where Windows 10 Version 1809 is still in use and RRAS is deployed. Successful exploitation could lead to full system compromise, data breaches, disruption of network services, and lateral movement within corporate networks. The ability to escalate privileges locally means that even users with limited access could gain administrative control, increasing the threat from insider attacks or compromised user accounts. Given the high impact on confidentiality, integrity, and availability, organizations could face operational downtime, regulatory penalties under GDPR for data breaches, and reputational damage. The lack of a patch at the time of disclosure increases the window of exposure, necessitating immediate mitigation efforts. Additionally, the vulnerability could be leveraged as a foothold in multi-stage attacks targeting European enterprises, amplifying its potential impact.
Mitigation Recommendations
1. Restrict local access to systems running Windows 10 Version 1809, especially those with RRAS enabled, limiting it to trusted administrators only. 2. Disable the Routing and Remote Access Service on systems where it is not required to reduce the attack surface. 3. Implement strict access controls and monitoring on endpoints to detect unusual privilege escalation attempts. 4. Employ application whitelisting and endpoint detection and response (EDR) solutions to identify and block suspicious activities. 5. Regularly audit user privileges and remove unnecessary local accounts or rights that could be exploited. 6. Plan and execute an upgrade or migration to a supported and patched Windows version that addresses this vulnerability. 7. Monitor security advisories from Microsoft for the release of official patches and apply them promptly once available. 8. Use network segmentation to isolate critical systems and limit the potential spread of an attacker who gains elevated privileges. 9. Educate IT staff about the risks associated with RRAS and the importance of minimizing its use unless absolutely necessary.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- microsoft
- Date Reserved
- 2025-12-03T05:54:20.376Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69668adea60475309f9ae0a0
Added to database: 1/13/2026, 6:11:42 PM
Last enriched: 1/28/2026, 7:35:02 PM
Last updated: 2/2/2026, 11:19:32 AM
Views: 33
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-0599: CWE-400 Uncontrolled Resource Consumption in huggingface huggingface/text-generation-inference
HighCVE-2025-7105: CWE-400 Uncontrolled Resource Consumption in danny-avila danny-avila/librechat
MediumCVE-2025-6208: CWE-400 Uncontrolled Resource Consumption in run-llama run-llama/llama_index
MediumCVE-2025-10279: CWE-379 Creation of Temporary File in Directory with Insecure Permissions in mlflow mlflow/mlflow
HighCVE-2024-5986: CWE-73 External Control of File Name or Path in h2oai h2oai/h2o-3
CriticalActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.