Unofficial Patches Released for New Windows RasMan Zero-Day Vulnerability
Unofficial Patches Available for Critical Windows Vulnerability
A new Windows zero-day vulnerability has been discovered that allows attackers to crash the Remote Access Connection Manager (RasMan) service. This critical Windows system service, which manages VPN, Point-to-Point Protocol over Ethernet (PPPoE), and other remote network connections, runs in the background with SYSTEM-level privileges.
ACROS Security, the team behind the 0patch micropatching platform, identified this denial-of-service (DoS) flaw while investigating a previous vulnerability, CVE-2025-59230, which was patched in October. The DoS zero-day has not yet been assigned a CVE ID and affects all Windows versions from Windows 7 to Windows 11 and Windows Server 2008 R2 to Server 2025.
When combined with CVE-2025-59230 or similar elevation-of-privilege flaws, this new vulnerability allows attackers to execute code by impersonating the RasMan service, which is possible when the service is not running. The flaw gives threat actors a crucial piece: it lets them crash the service at will and potentially escalate privileges, circumventing security measures put in place by Microsoft.
Users without elevated privileges can exploit this zero-day to crash the RasMan service because of a coding error in how it processes circular linked lists. While traversing a list, the service attempts to read memory from a null pointer, which causes a crash rather than an exit from the loop.
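The failure mode described above, as an added illustration (not RasMan's code and not taken from ACROS Security's analysis): a traversal that assumes the list is always circular and never checks for a null link, next to a version that treats a null link as a reason to leave the loop. The `node` type, the function names and the `max_nodes` bound are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical node type for illustration; not RasMan's real structure. */
struct node { int id; struct node *next; };
enum { WALK_FOUND, WALK_NOT_FOUND, WALK_CORRUPT };

/* Flawed pattern: the only exits are "found" and "back at head", so a
 * NULL link is dereferenced on the next iteration and the process dies. */
int find_unchecked(const struct node *head, int id)
{
    const struct node *cur = head;
    do {
        if (cur->id == id)          /* null read when cur == NULL */
            return WALK_FOUND;
        cur = cur->next;
    } while (cur != head);
    return WALK_NOT_FOUND;
}

/* Hardened pattern: a NULL link ends the walk and is reported as a broken
 * list; max_nodes also bounds a cycle that never returns to head. */
int find_checked(const struct node *head, int id, size_t max_nodes)
{
    const struct node *cur = head;
    size_t steps = 0;
    while (cur != NULL && steps++ < max_nodes) {
        if (cur->id == id)
            return WALK_FOUND;
        cur = cur->next;
        if (cur == head)
            return WALK_NOT_FOUND;
    }
    return WALK_CORRUPT;
}

/* Constructed sample: three nodes, optionally closed into a ring. */
int demo(int close_ring, int id)
{
    struct node c = { 3, NULL }, b = { 2, &c }, a = { 1, &b };
    if (close_ring) c.next = &a;
    return find_checked(&a, id, 16);
}

int main(void)
{
    printf("ring: %d, broken list: %d\n", demo(1, 9), demo(0, 9));
    return 0;
}
```

Calling `find_unchecked` on the same unclosed list with an id that is not present reads through the null link and terminates the process, which in a service is a denial of service.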
ACROS Security is offering free, unofficial security patches for this Windows RasMan zero-day through its 0patch micropatching service until Microsoft issues an official fix. To apply the micropatch, users need to create an account and install the 0patch agent, which will automatically apply the patch without requiring a restart, unless a custom patching policy prevents it.
ACROS Security CEO Mitja Kolsek stated that Microsoft has been alerted about the issue and is likely to provide an official patch for supported Windows versions in future updates. The 0day patches will remain available for free through ACROS Security’s platform until the official vendor patch is released.
BleepingComputer reached out to Microsoft for comment, but a spokesperson was not immediately available.

