Serious VPN Vulnerability Discovered in Windows 10 and 11

Cybersecurity experts from Positive Technologies have discovered a critical vulnerability in the latest versions of Windows 10, Windows 11, and several other Microsoft products. The news was reported by TASS, citing information security specialists.

Jul 25, 2025 - 10:52

What happened?

The vulnerability was found in the Remote Access Connection Manager component, which is responsible for managing VPN connections in Windows systems.
Due to improper privilege management, a local attacker could escalate their privileges to gain administrator-level access on the system.

Why is it dangerous?

According to the experts, if exploited successfully, the attacker could:

  • execute arbitrary code;

  • install malicious software;

  • gain full control over the device.

This flaw poses a significant threat to corporate users, especially in scenarios where an attacker gains access to a terminal server or a regular employee's workstation.

Affected Windows versions:

  • Windows 10

  • Windows 11

  • Windows Server 2022

  • Windows Server 2025

According to Sergey Bliznyuk, a senior penetration testing expert, the vulnerable component is enabled by default in all Windows versions.

What should users do?

Microsoft has already fixed the vulnerability, and a patch is available through the latest security updates. Experts recommend:

  • Immediately install the latest security updates via Windows Update;

  • If updating is not possible, temporarily disable the Remote Access Connection Manager service manually.
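
One way to apply the temporary workaround from an elevated PowerShell session, with a way to undo it after patching. This is an added example, not code from Microsoft or Positive Technologies. It assumes the service's short name is RasMan; the function names and state-file path are hypothetical. VPN connections managed by the service will not work while it is disabled.

```powershell
#requires -RunAsAdministrator
# Added example: temporary mitigation for hosts that cannot be patched yet.
# Assumption: short service name is RasMan
# (display name "Remote Access Connection Manager").

$ServiceName = 'RasMan'
# Hypothetical location used to remember the original configuration.
$StateFile = Join-Path $env:ProgramData 'rasman-mitigation.json'

function Disable-RasManTemporarily {
    $svc = Get-Service -Name $ServiceName -ErrorAction Stop

    # Save the original start type and status once, so a second run
    # does not overwrite them with the already-disabled values.
    if (-not (Test-Path $StateFile)) {
        [pscustomobject]@{
            StartType = $svc.StartType.ToString()
            Status    = $svc.Status.ToString()
            SavedAt   = (Get-Date).ToString('o')
        } | ConvertTo-Json | Set-Content -Path $StateFile -Encoding UTF8
    }

    # Stop-Service -Force also stops running dependents; list them first.
    $svc.DependentServices | Where-Object Status -eq 'Running' | ForEach-Object {
        Write-Warning "Dependent service will be stopped: $($_.Name)"
    }

    Set-Service -Name $ServiceName -StartupType Disabled
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $ServiceName -Force
    }
    # Report the resulting state for the change record.
    Get-Service -Name $ServiceName | Select-Object Name, Status, StartType
}

function Restore-RasMan {
    if (-not (Test-Path $StateFile)) {
        throw "No saved state at $StateFile; nothing to restore."
    }
    $saved = Get-Content -Path $StateFile -Raw | ConvertFrom-Json
    Set-Service -Name $ServiceName -StartupType $saved.StartType
    if ($saved.Status -eq 'Running') {
        Start-Service -Name $ServiceName
    }
    Remove-Item -Path $StateFile
    Get-Service -Name $ServiceName | Select-Object Name, Status, StartType
}
```

Run `Disable-RasManTemporarily` on the affected host, and `Restore-RasMan` once the security update is installed.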

Conclusion

Even local attacks through seemingly secure mechanisms like VPN can lead to severe consequences.
Keeping your system up to date is essential to protect against such vulnerabilities.