ACROS Security has launched free unofficial patches for a zero-day vulnerability affecting the Windows Remote Access Connection Manager (RasMan). This vulnerability allows attackers to crash the RasMan service across several Windows versions.
Scope of Vulnerability
The newly discovered issue affects all Windows versions from Windows 7 to Windows 11 and Windows Server 2008 R2 to Server 2025. The zero-day flaw enables attackers to crash the RasMan service by exploiting a coding error in processing circular linked lists.
- ACROS discovered the flaw during a similar privilege-escalation vulnerability analysis.
- The vulnerability impacts SYSTEM-level privilege processes in Windows.
- All Windows users from version 7 onwards may be affected.
- The DoS issue can facilitate code execution when used with CVE-2025-59230.
Mitigation Measures
ACROS offers a micropatch through its 0Patch service to secure affected systems until Microsoft releases an official fix. Users need to create an account and apply the micropatch through the 0Patch agent, requiring no reboot unless blocked by custom policies.
ACROS Security CEO stated they have informed Microsoft, who plans to address the flaw in future updates. Meanwhile, ACROS includes this patch in its free plan to bridge security gaps.
