The flaw, stemming from a NULL pointer dereference (CWE-476), was actively exploited in the wild before disclosure, earning an “Exploitation Detected” rating from Microsoft’s MSRC exploitability index.
RasMan, a core Windows component handling remote access connections like VPNs and dial-up, crashes when processing malformed data due to improper NULL pointer validation.
An unauthorized local attacker requires only local access, no elevated privileges or user interaction, to send crafted input, causing the service to dereference a NULL pointer and halt.
This leads to high availability impact, with the service failing to restart automatically in some cases, disrupting remote connectivity for users and servers.
Attackers exploit RasMan by triggering a vulnerable code path in rascustom.dll or related modules during connection negotiation. A simple local script or binary can flood the service with invalid packets, dereferencing uninitialized pointers. Proof-of-concept code remains unproven publicly (E:U), but 0patch researchers confirmed real-world exploitation.
The February 2026 Patch Tuesday (released February 10) addresses the issue across:
Microsoft mandates immediate patching, available via Windows Update or the Microsoft Update Catalog. Check support lifecycles for older OSes.
The 0patch vulnerability research team, in collaboration with 0patch by ACROS Security (0patch.com), discovered and reported the flaw through coordinated disclosure. Microsoft credits them in its acknowledgements.
Organizations should prioritize RasMan-exposed endpoints, enable automatic updates, and monitor for unusual service crashes. While local-only, insider threats or initial footholds (e.g., via phishing) heighten exposure. No workarounds exist beyond disabling RasMan, which breaks remote access.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Windows Remote Access Connection Manager 0-Day Vulnerability Let Attackers Trigger DoS Attack appeared first on Cyber Security News.
LANSING, MI (WOWO) Michigan is expanding its free pre-kindergarten initiative into home-based child care settings…
A Cursor AI coding agent powered by Anthropic’s Claude Opus 4.6 deleted the entire production…
FORT WAYNE, IND. (WOWO) Opposition is mounting to a proposed limestone quarry development in Allen…
INDIANAPOLIS, IND. (WOWO) Rural Indiana residents and state officials are confronting growing concerns over drone…
Former Assistant Commissioner Paul Raymond had no experience with the prison system when he started…
After a development handoff last year, construction will soon resume on one of the largest…
This website uses cookies.