A newly discovered zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service allows attackers to crash this critical system service. The flaw, discovered by ACROS Security, affects Windows 7 through Windows 11 and the corresponding Windows Server releases. It stems from a coding error in which the service dereferences a null pointer while walking a circular linked list, crashing the service and producing a denial-of-service condition.
This DoS vulnerability is particularly dangerous in combination with CVE-2025-59230, a privilege escalation flaw that Microsoft patched in October. Because attackers can now crash the RasMan service on demand, the bug reopens an attack path that Microsoft believed it had closed. Microsoft has acknowledged the issue and plans to address it in a future update, but states that systems patched for CVE-2025-59230 remain protected from the privilege escalation.
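Since the practical effect of the flaw is an unexpected termination of RasMan, defenders can check whether the service has been dying on a given host by querying the Service Control Manager's termination events. The following PowerShell is an added example written for this page, not code from ACROS Security, 0patch or Microsoft; it assumes the default System log, the default service display name "Remote Access Connection Manager", and a `$Days` look-back window chosen here for illustration. It detects unexpected terminations of the service, not the vulnerability itself.

```powershell
# Added example (not from the original page or from 0patch/Microsoft):
# report RasMan state, its recovery settings, and any unexpected terminations
# recorded by the Service Control Manager (event IDs 7031 and 7034 in the
# System log). Save as a .ps1 and run, e.g. .\Check-RasManCrashes.ps1 -Days 14
param(
    [int]$Days = 7   # look-back window, an assumption for this example
)

$svc = Get-Service -Name RasMan -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning "RasMan service not found on this host."
    return
}
"RasMan state: $($svc.Status), start type: $($svc.StartType)"

# Recovery actions decide whether a crashed service is restarted
# automatically; an attacker who can crash it on demand benefits from that.
sc.exe qfailure RasMan

$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7031, 7034          # "service terminated unexpectedly"
    StartTime    = (Get-Date).AddDays(-$Days)
}

# Properties[0] of both event IDs is the service display name,
# Properties[1] the "has done this N time(s)" counter.
$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -eq $svc.DisplayName }

if (-not $crashes) {
    "No unexpected RasMan terminations in the last $Days day(s)."
    return
}

"$(@($crashes).Count) unexpected RasMan termination(s) in the last $Days day(s):"
$crashes |
    Select-Object TimeCreated, Id,
        @{ n = 'Count'; e = { $_.Properties[1].Value } } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize
```

A single termination can have many causes; several terminations in a short window on a host where users do not actually use remote-access connections are the pattern worth triaging, since that is what a crash-on-demand primitive looks like from the event log.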
In the interim, ACROS Security is offering free unofficial micropatches for the flaw through its 0patch platform. These patches are available to all users and can be applied by installing the 0patch agent, which automatically deploys the fix without requiring a system reboot. This provides a crucial temporary defense until Microsoft releases an official security update.