Positive Technologies Helped Fix a Vulnerability in Windows

A critical Windows vulnerability affecting dozens of Microsoft products has been patched with help from Positive Technologies’ research team. The flaw—tracked as CVE-2025-47955 and rated 7.8 on the CVSS scale—was discovered by Sergey Bliznyuk, a specialist with the PT SWARM vulnerability research unit.
Vulnerability Overview
CVE-2025-47955 impacted 37 Microsoft products, including current desktop and server editions of Windows. The vulnerability enabled local privilege escalation, allowing attackers to gain System-level access and potentially pivot deeper into a compromised network.
The flaw was found in Remote Access Connection Manager (RasMan), a core Windows service used for managing VPN connections. Successful exploitation would let an attacker execute arbitrary code, install unauthorized software, or deploy malware.
Affects Windows 10, Windows 11, and 19 Windows Server Versions
The vulnerability spans a wide range of Windows systems:
- Windows 10 and Windows 11
- 19 versions of Windows Server, including Windows Server 2025 and 2022
Bliznyuk noted the widespread use of these systems in enterprise environments:
"This vulnerability is particularly dangerous for corporate networks. If the patch is not applied, an attacker would only need access to an employee’s non-administrator computer or a low-privilege terminal server to gain maximum privileges on it,"
— Sergey Bliznyuk, Senior Penetration Testing Specialist, Positive Technologies
These systems are commonly deployed in corporate IT, cloud infrastructure, and data center environments, making the risk especially significant.
Mitigation and Recommendations
Microsoft has addressed the issue through its monthly security updates. Users and system administrators are urged to install the latest patches immediately.
If patching is not feasible—due to legacy systems or change management constraints—experts strongly recommend disabling the Remote Access Connection Manager service, which is enabled by default in all affected operating systems.
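One way to apply the service workaround described above, as an added PowerShell example that is not from Microsoft or Positive Technologies. It assumes an elevated session on the affected host; `RasMan` is the service name of Remote Access Connection Manager, and the `-Disable` switch is a parameter of this script only.

```powershell
# Added example: report the state of the RasMan service and, when -Disable is
# given, disable and stop it. Run without -Disable first to see what depends on it.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Disable   # script-local switch (assumption): without it, report only
)

$svc = Get-Service -Name 'RasMan' -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output 'RasMan service not found on this host.'
    return
}

# Start mode is read through CIM so the script behaves the same on
# Windows PowerShell 5.1 and PowerShell 7.
$cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='RasMan'"

# Services that depend on RasMan and are running now; they stop with it.
$running = @($svc.DependentServices | Where-Object { $_.Status -eq 'Running' })

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    Status            = $svc.Status
    StartMode         = $cim.StartMode
    RunningDependents = ($running | ForEach-Object { $_.Name }) -join ', '
}

if ($Disable -and $PSCmdlet.ShouldProcess('RasMan', 'Disable and stop service')) {
    # Disable first so nothing can start the service again between the two steps.
    Set-Service  -Name 'RasMan' -StartupType Disabled
    Stop-Service -Name 'RasMan' -Force   # -Force also stops running dependents

    # Re-read the state to confirm the change took effect.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='RasMan'" |
        Select-Object Name, State, StartMode
}
```

Because RasMan manages VPN connections, hosts that rely on the built-in VPN client lose that function while the service is disabled; `-WhatIf` shows the change without applying it.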
This case highlights the critical role of independent security researchers in identifying and mitigating threats before they are exploited. Positive Technologies’ contribution helped close a serious gap in one of the world’s most widely used operating systems—before it could be weaponized at scale.