Windows Remote Access Connection Manager 0-Day Vulnerability Let Attackers Trigger DoS Attack - CyberSecurityNews

Home Cyber Security News Windows Remote Access Connection Manager 0-Day Vulnerability Let Attackers Trigger DoS Attack Windows Remote Access Connection Manager 0-Day Vulnerability Microsoft has patched a zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service, tracked as CVE-2026-21525, which allowed attackers to trigger denial-of-service (DoS) conditions on unpatched systems. The flaw, stemming from a NULL pointer dereference (CWE-476), was actively exploited in the wild before disclosure, earning an “Exploitation Detected” rating from Microsoft’s MSRC exploitability index. RasMan, a core Windows component handling remote access connections like VPNs and dial-up, crashes when processing malformed data due to improper NULL pointer validation. An unauthorized local attacker requires only local access, no elevated privileges or user interaction, to send crafted input, causing the service to dereference a NULL pointer and halt. This leads to high availability impact, with the service failing to restart automatically in some cases, disrupting remote connectivity for users and servers. Attackers exploit RasMan by triggering a vulnerable code path in rascustom.dll or related modules during connection negotiation. A simple local script or binary can flood the service with invalid packets, dereferencing uninitialized pointers. Proof-of-concept code remains unproven publicly (E:U), but 0patch researchers confirmed real-world exploitation. The February 2026 Patch Tuesday (released February 10) addresses the issue across: Windows 11 26H1 (x64/ARM64): KB5077179, build 10.0.28000.1575 Windows Server 2012 R2 (Core/Full): KB5075970, build 6.3.9600.23022 Windows Server 2012 (Core): KB5075971, build 6.2.9200.25923 Microsoft mandates immediate patching, available via Windows Update or the Microsoft Update Catalog. Check support lifecycles for older OSes. The 0patch vulnerability research team, in collaboration with 0patch by ACROS Security (0patch.com), discovered and reported the flaw through coordinated disclosure. Microsoft credits them in its acknowledgements. Organizations should prioritize RasMan-exposed endpoints, enable automatic updates, and monitor for unusual service crashes. While local-only, insider threats or initial footholds (e.g., via phishing) heighten exposure. No workarounds exist beyond disabling RasMan, which breaks remote access. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security Authorities Disrupt IoT Botnet Infrastructure Behind Record-Breaking 30 Tbps DDoS Attacks Cyber Security News CISA Warns of Zimbra Collaboration Suite Vulnerability Exploited in Attacks Cyber Security News CISA Urges Organizations to Secure Microsoft Intune Environments Following Stryker Breach Top 10 Essential E-Signature Solutions for Cybersecurity in 2026 January 31, 2026 Top 10 Best Data Removal Services In 2026 January 29, 2026 Best VPN Services of 2026: Fast, Secure & Affordable January 26, 2026 Top 10 Best Data Security Companies in 2026 January 23, 2026 Top 15 Best Ethical Hacking Tools – 2026 January 15, 2026