Microsoft Windows RRAS Information Disclosure Vulnerability

A vulnerability in Windows Routing and Remote Access Service (RRAS) allows unauthorized attackers to disclose sensitive information over the network. This issue affects multiple versions of Windows Server, including 2012, 2008 R2, 2016, 2022, 2019, and 2025. The vulnerability arises from the exposure of heap memory, which could potentially be read by an attacker.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure, allowing an attacker to read portions of heap memory.

Remediation

Users can apply the security updates provided by Microsoft for this vulnerability. These security updates are available through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5062597, KB5062592, KB5062632, KB5062619, KB5062560, KB5062553, KB5062570, KB5062572, and KB5062557.