Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2026-20843: CWE-284: Improper Access Control in Microsoft Windows 10 Version 1809

0
High
VulnerabilityCVE-2026-20843cvecve-2026-20843cwe-284
Published: Tue Jan 13 2026 (01/13/2026, 17:56:52 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

CVE-2026-20843 is a high-severity vulnerability in Microsoft Windows 10 Version 1809 affecting the Routing and Remote Access Service (RRAS). It involves improper access control that allows an authorized local attacker to elevate privileges without requiring user interaction. The vulnerability impacts confidentiality, integrity, and availability, enabling attackers with limited privileges to gain higher system rights. Although no known exploits are currently in the wild, the vulnerability poses a significant risk if exploited. This flaw affects Windows 10 Version 1809 (build 10. 0. 17763. 0), a version still in use in some environments. European organizations using this version, especially in critical infrastructure or enterprise settings, are at risk. Mitigation requires applying patches once available, restricting access to RRAS, and monitoring for suspicious local privilege escalation attempts.

AI-Powered Analysis

AILast updated: 02/05/2026, 08:44:31 UTC

Technical Analysis

CVE-2026-20843 is a vulnerability classified under CWE-284 (Improper Access Control) found in the Routing and Remote Access Service (RRAS) component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). RRAS is a networking service that provides routing and remote access capabilities, often used in enterprise environments for VPN and network routing. The vulnerability allows an attacker who already has some level of local access (authorized user with limited privileges) to escalate their privileges to a higher level, potentially SYSTEM or administrator level, without requiring user interaction. This escalation occurs due to insufficient access control checks within RRAS, enabling unauthorized operations that should be restricted. The CVSS v3.1 score of 7.8 indicates a high severity, with attack vector being local (AV:L), low attack complexity (AC:L), requiring privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No known exploits are currently reported in the wild, but the vulnerability is publicly disclosed and can be targeted by attackers with local access. The vulnerability was reserved in December 2025 and published in January 2026, indicating recent discovery. The lack of available patches at the time of reporting means organizations must rely on interim mitigations. Given that Windows 10 Version 1809 is an older but still supported version in some environments, especially in enterprise and industrial contexts, the vulnerability poses a significant risk to systems relying on RRAS for network connectivity and remote access.

Potential Impact

For European organizations, this vulnerability can have severe consequences. An attacker with local access, such as a compromised user account or insider threat, could escalate privileges to gain full control over affected systems. This can lead to unauthorized access to sensitive data, disruption of network services, and potential lateral movement within corporate networks. Critical infrastructure sectors relying on RRAS for remote connectivity, including energy, finance, healthcare, and government, could face operational disruptions and data breaches. The high impact on confidentiality, integrity, and availability means that exploitation could result in data theft, system manipulation, or denial of service. The vulnerability's local attack vector limits remote exploitation but does not eliminate risk from phishing, malware, or insider threats that achieve initial local access. European organizations with legacy Windows 10 Version 1809 deployments, especially in regulated industries with strict compliance requirements, may face increased exposure and regulatory consequences if exploited.

Mitigation Recommendations

1. Apply official security patches from Microsoft as soon as they become available for Windows 10 Version 1809 to address the RRAS access control flaw. 2. Until patches are released, restrict access to RRAS services by limiting membership in local groups that can manage or interact with RRAS. 3. Implement strict local user privilege management, ensuring users have only the minimum necessary rights to reduce the chance of privilege escalation. 4. Monitor event logs and system behavior for signs of local privilege escalation attempts, focusing on RRAS-related activities. 5. Employ endpoint detection and response (EDR) tools capable of detecting anomalous privilege escalation patterns. 6. Consider upgrading affected systems to newer, fully supported Windows versions where this vulnerability is not present. 7. Harden network segmentation to limit lateral movement opportunities if an attacker gains elevated privileges. 8. Conduct user awareness training to reduce risks of initial local access via phishing or social engineering. 9. Review and audit RRAS configurations to ensure no unnecessary services or features are enabled that could increase attack surface.

Need more detailed analysis?Upgrade to Pro Console

Technical Details

Data Version
5.2
Assigner Short Name
microsoft
Date Reserved
2025-12-03T05:54:20.376Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 69668adea60475309f9ae0a0

Added to database: 1/13/2026, 6:11:42 PM

Last enriched: 2/5/2026, 8:44:31 AM

Last updated: 2/7/2026, 2:25:25 AM

Views: 34

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats