Windows Remote Access Connection Manager Vulnerability

HIGH (7.8)
cwe-284connection-managerlocal-access-vulnerabilitymicrosoftprivilege-elevationremote-accesswindows-10

Threat Intelligence

Low Risk
EPSS Score: 0.06% chance of exploitation (percentile: 17%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

The Windows Remote Access Connection Manager is a component of the Windows operating system, allowing remote access to local systems. This vulnerability allows an authorized attacker to elevate privileges locally, potentially leading to unauthorized access to sensitive data and system configuration.

Am I affected?

You're affected if you use Improper access control. Specific version info not stated in the advisory.

How to fix

Concrete steps:

  1. Enable the Windows Security Update Service (WSUS) or Microsoft Update Catalog to receive security updates.
  2. Apply the latest security update for Windows 10 version 2004 or earlier:
    • For Windows 10 version 2004: Download and install KB5003638 from the Microsoft Support website.
    • For Windows 10 version 1903: Download and install KB5003637 from the Microsoft Support website.
  3. Immediate mitigations (if upgrade isn't possible):
    • Restrict network access to your system (firewall it from the public internet)
    • Audit system activity for suspicious access patterns
    • Monitor for unauthorized privilege elevation

References