CNNVD-202601-2133 Information

Jan 13, 2026 cve

CNNVD ID

CNNVD-202601-2133

CVE-2026-20843

  • CNNVD Published: 2026-01-13

Description (Chinese)

Microsoft Windows Routing and Remote Access Service是美国微软(Microsoft)公司的一种网络服务,用于实现网络路由、虚拟专用网络(VPN)和拨号连接等功能。 Microsoft Windows Routing and Remote Access Service存在访问控制错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 25H2 for ARM64-based Systems,Windows 11 Version 25H2 for x64-based Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。

Description (English)

Microsoft Windows Routing and Remote Access Service is a network service of Microsoft Corporation in the United States, which is used to perform network routing, virtual private network (VPN) and dial-up connectivity. Microsoft Windows Routing and Remote Access Service has access control bugs. The attackers use this loophole to enhance their authority. The following products and versions are affected: Wows for Wow-By-By-By, Wow-By-By-By-By-By-By-By-By-By-By-By-By-By-By-By-By-By-By-By-By-By-By-By-S-B-B-B-B-B-B-B-B-B-R-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B———–

Hazard Level

Medium

Vulnerability Type

访问控制错误

Affected Vendor

微软

Published

2026-01-13

Last Modified

2026-02-24

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20843

Patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20843

Share on: