The Bitvise SSH Server (formerly WinSSHD) version 8.48 was released on May 24, 2021
The Consequence: Since the Bitvise service runs with Local System privileges, a low-level user can gain full administrative control of the machine. Version 8.48 will warn you about this during installation, but it cannot fix the permissions for you. 3. Known Stability Issues in v8.48 bitvise winsshd 848 exploit
Local Privilege Escalation (LPE): If installed in a non-default directory (like D:\Programs), insecure parent permissions could allow non-admin users to rename or modify Bitvise files, leading to full system compromise. The Bitvise SSH Server (formerly WinSSHD) version 8
SCP Subsystem Abort: Prior to the 8.48 update, failures during SCP file uploads (like write errors) would cause the entire transfer subsystem to crash abruptly instead of reporting an error. Known Stability Issues in v8
Bitvise WinSSHD has long been the unsung hero of Windows remote administration. While OpenSSH felt like a Unix alien grafted onto NTFS, WinSSHD was native, enterprise-grade, and famously secure. Sysadmins trusted it to expose their Windows servers to the internet over port 22.