20251212-bleepingcomputer.com-0b3c8

< Back to index

New Windows RasMan zero-day flaw gets free, unofficial patches

Published:

12 December 2025 at 11:28:06

Alert date:

12 December 2025 at 12:01:07

Source:

bleepingcomputer.com

A new zero-day vulnerability has been discovered in Windows Remote Access Connection Manager (RasMan) service that allows attackers to crash the service. Free unofficial patches have been made available to address this security flaw. The vulnerability affects the RasMan service which is responsible for managing remote access connections in Windows systems. Since this is an unpatched zero-day vulnerability, systems remain at risk until official patches are released by Microsoft. The availability of unofficial patches provides a temporary mitigation option for administrators.

Technical details

The DoS zero-day vulnerability allows attackers to crash the Remote Access Connection Manager (RasMan) service. RasMan is a critical Windows system service that runs with SYSTEM-level privileges and manages VPN, PPPoE, and other remote network connections. The flaw is caused by a coding error in how RasMan processes circular linked lists. When the service encounters a null pointer while traversing a list, it attempts to read memory from that pointer rather than exiting the loop, causing a crash. When combined with CVE-2025-59230, it allows attackers to execute code by impersonating the RasMan service after crashing it.

Mitigation steps:

Install the free unofficial micropatch from ACROS Security's 0Patch micropatching service. To install: create an account and install the 0Patch agent, which will automatically apply the micropatch without requiring a restart unless blocked by custom policy. Wait for Microsoft's official patch in future Windows updates.

Affected products:

Windows 7
Windows 8
Windows 10
Windows 11
Windows Server 2008 R2
Windows Server 2012
Windows Server 2016
Windows Server 2019
Windows Server 2022
Windows Server 2025