CVE-2026-20843 is a vulnerability classified under CWE-284 (Improper Access Control) found in the Windows Routing and Remote Access Service (RRAS) component of Microsoft Windows 10 Version 1607 (build 10.0.14393.0). This flaw allows an attacker who already has some level of local authorization on the system to escalate their privileges to higher levels, potentially SYSTEM or administrative privileges. The vulnerability arises because RRAS does not properly enforce access control checks, enabling privilege escalation without requiring user interaction. The CVSS v3.1 base score is 7.8, indicating a high severity level, with attack vector being local (AV:L), low attack complexity (AC:L), requiring privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no public exploits have been reported yet, the vulnerability could be leveraged by attackers who have gained limited local access to fully compromise affected systems. Windows 10 Version 1607 is an older release, so this vulnerability primarily affects legacy systems that have not been updated or migrated to newer Windows versions. The lack of published patches at the time of reporting means organizations must rely on mitigating controls until official updates are released.

The vulnerability allows local attackers with limited privileges to escalate their rights to full administrative control, severely compromising system confidentiality, integrity, and availability. This can lead to unauthorized access to sensitive data, installation of persistent malware, disabling of security controls, and disruption of network services. Organizations relying on Windows 10 Version 1607 in critical environments such as enterprise networks, government agencies, or industrial control systems face increased risk of insider threats or lateral movement by attackers. The exploitation could facilitate further attacks, including data breaches, ransomware deployment, or espionage. Since the attack requires local access, the threat is more pronounced in environments where multiple users share systems or where attackers can gain initial footholds through other means. The absence of known exploits currently limits immediate widespread impact but does not reduce the urgency for remediation due to the high potential damage.

1. Upgrade affected systems from Windows 10 Version 1607 to a supported and fully patched Windows version to eliminate the vulnerability. 2. Until patches are available, restrict local access to systems running this version, especially limiting RRAS usage to trusted administrators. 3. Implement strict access control policies and monitor local user activities for unusual privilege escalation attempts. 4. Disable RRAS if it is not required in the environment to reduce the attack surface. 5. Use endpoint detection and response (EDR) tools to detect suspicious behavior indicative of privilege escalation. 6. Enforce the principle of least privilege for all users and services to minimize the impact of potential exploitation. 7. Regularly audit and review system logs related to RRAS and privilege changes to identify early signs of exploitation attempts. 8. Prepare incident response plans specifically addressing local privilege escalation scenarios.