Before being fixed, the flaw allowed attackers to locally elevate privileges to the highest level, enabling lateral movement within the network
Sergey Bliznyuk, an expert from PT SWARM at Positive Technologies, discovered the vulnerability CVE-2025-47955, which affected 37 Microsoft products. This issue posed a significant threat to organizations, as it impacted current desktop and server versions of Windows. Exploiting the flaw could allow attackers to execute arbitrary code on corporate devices and install any software, including malware. Microsoft was notified of the issue under the responsible disclosure policy and has since patched it.
The vulnerability, located in the Remote Access Connection Manager service—a Windows component responsible for VPN connections—was rated high severity, with a score of 7.8 on the CVSS 3.1 scale. Installing the latest monthly security updates is the recommended fix. If updates cannot be applied, Positive Technologies strongly recommends disabling the unpatched service, which is enabled by default in all Windows versions.
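As an added example (not from Positive Technologies or Microsoft), the following PowerShell script applies the fallback mitigation described above on a host that cannot be patched: it reports the state of the Remote Access Connection Manager service (service name RasMan), lists the services that depend on it, and stops and disables it. It assumes an elevated prompt on a Windows host.

```powershell
# Added example (not from the advisory): inspect and, if needed, disable the
# Remote Access Connection Manager service (RasMan) on an unpatched host.
# Disabling RasMan breaks RAS/VPN connections on that host, so the dependents
# are listed first. Run from an elevated PowerShell prompt.
$svc = Get-Service -Name RasMan -ErrorAction Stop
"RasMan status: $($svc.Status); startup type: $($svc.StartType)"

# Services that will stop working once RasMan is disabled (e.g. VPN client parts).
$dependents = Get-Service -Name RasMan -DependentServices
if ($dependents) {
    "Services that depend on RasMan:"
    $dependents | Format-Table -Property Name, DisplayName, Status -AutoSize
}

# Stop the service and prevent it from starting again. Supports -WhatIf so the
# change can be previewed before it is applied.
function Disable-RasMan {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess('RasMan', 'Stop and set startup type to Disabled')) {
        Stop-Service -Name RasMan -Force -ErrorAction Stop   # -Force also stops dependents
        Set-Service -Name RasMan -StartupType Disabled
        Get-Service -Name RasMan | Select-Object Name, Status, StartType
    }
}

Disable-RasMan -WhatIf   # preview only; drop -WhatIf to apply the mitigation
```

Re-enable the service (Set-Service -Name RasMan -StartupType Manual) once the monthly update has been installed and verified.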
The flaw affected widely used systems like Windows 10 and 11, which account for 70% of the desktop OS market, according to StatCounter. It also impacted 19 server versions, including Windows Server 2025 and 2022, commonly used in corporate infrastructures, cloud services, and data centers. Analysts estimate nearly 30,000 server OS installations globally, with a significant portion running on Windows Server.