
"A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release an official one - along with a working exploit circulating online. Researchers from 0patch, the micropatching site, uncovered the denial-of-service (DoS) bug while investigating CVE-2025-59230, a Windows RasMan privilege escalation vulnerability that Redmond fixed in October, but not before attackers found and exploited the vulnerability."
"RasMan is a critical Windows service that manages VPN and other remote network connections, and CVE-2025-59230 allows an authorized attacker to elevate privileges locally and gain SYSTEM privileges. It essentially takes advantage of the fact that when RasMan is not running, any process can impersonate RasMan and execute code on an RPC endpoint - a condition the exploit depends on."
A zero-day allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service, and that crash in turn enables exploitation of a separate privilege-escalation flaw. 0patch researchers discovered the denial-of-service bug while examining CVE-2025-59230, a RasMan privilege escalation that allowed local elevation to SYSTEM and was fixed by Microsoft in October, after attackers had already exploited it. The crash is used to stop RasMan and free the RPC endpoint on which the privilege-escalation exploit depends. The crash vulnerability itself has not been assigned a CVE and remains unpatched across Windows versions; an unofficial free micropatch is available, and a working exploit is publicly downloadable.
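As an added defender-side check (not code from the article or from 0patch), the PowerShell below reports whether RasMan is currently stopped, the precondition the article describes for impersonating it on the RPC endpoint, and whether the Service Control Manager has logged it terminating unexpectedly. The lookback window is an assumed value; event IDs 7031 and 7034 are the standard Service Control Manager "terminated unexpectedly" events in the System log.

```powershell
# Added example, not from the article or 0patch: check RasMan state and look for unexpected terminations.
# Assumes a Windows host whose System event log the caller can read (usually requires an elevated session).
$ServiceName   = 'RasMan'   # Remote Access Connection Manager, as named in the article
$LookbackHours = 24         # constructed value; tune for your environment

# Current state: a stopped RasMan is the condition the privilege-escalation exploit depends on.
$svc = Get-Service -Name $ServiceName -ErrorAction Stop
[pscustomobject]@{
    Service   = $svc.DisplayName
    Status    = $svc.Status
    StartType = $svc.StartType
}

# Service Control Manager writes 7031/7034 ("service terminated unexpectedly") to the System log.
$since  = (Get-Date).AddHours(-$LookbackHours)
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7031, 7034
    StartTime    = $since
}
$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Remote Access Connection Manager' }

if ($crashes) {
    Write-Warning ("RasMan terminated unexpectedly {0} time(s) since {1}" -f @($crashes).Count, $since)
    $crashes | Select-Object TimeCreated, Id, Message | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No unexpected RasMan terminations logged in the last $LookbackHours hour(s)."
}
```

Repeated 7031/7034 entries for RasMan from a host that is not a VPN client are worth correlating with process creation events around the same timestamps.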
Read at Theregister