Once again, Microsoft has released its monthly security updates. For May 2024, there are several vulnerabilities in services related to Always On VPN that administrators will want to pay close attention to. Microsoft has identified known issues in the Routing and Remote Access Service (RRAS) and the Remote Access Connection Manager (RasMan) service for this release cycle.
RRAS
This month, Microsoft published seven security fixes for vulnerabilities discovered in RRAS. All seven are Remote Code Execution (RCE) vulnerabilities rated Important. In addition, all vulnerabilities in RRAS require specific information about the environment for compromise, mitigating some of the exposure.
RasMan
In addition to the updates for vulnerabilities in RRAS, Microsoft also released a security fix for issues identified in the Remote Access Connection Manager (RasMan) service. This update is marked Important but is not an RCE.
Recommendations
Although the vulnerabilities in RRAS are remotely exploitable, they will require specific information for an attacker to compromise. The risk of targeted attacks is lower than opportunistic ones, but administrators are still urged to update as soon as possible.