Tracked as CVE-2026-21525, this flaw is actively exploited in the wild, letting attackers crash systems and disrupt remote connections.
RasMan handles remote access features like VPNs and dial-up, making it vital for networked environments.
The bug stems from a null pointer dereference (CWE-476), where the service tries to read a nonexistent memory address. Think of a GPS app directing a driver to a blank location, causing the whole navigation to freeze.
Attackers with local access (no admin rights needed) can trigger repeated crashes, halting RasMan and knocking out remote sessions.
This creates a denial-of-service (DoS) scenario, potentially sidelining servers or disconnecting users from critical networks.
While it doesn’t allow code execution or data theft, the “High” availability impact makes it a real threat for enterprises.
Microsoft’s disclosure confirms exploitation, crediting the 0patch research team for discovery. The CVSS score sits at 6.2 (Base)/5.4 (Temporal), rated Moderate overall but serious for uptime-dependent ops.
| Metric | Detail |
|---|---|
| CVE ID | CVE-2026-21525 |
| Vulnerability Name | Windows Remote Access Connection Manager Denial of Service Vulnerability |
| Release Date | Feb 10, 2026 |
| Impact | Denial of Service (DoS) |
| Max Severity | Moderate |
| Weakness | CWE-476: NULL Pointer Dereference |
| CVSS Score | 6.2 (Base) / 5.4 (Temporal) |
| Attack Vector | Local |
| Privileges Required | None |

Affected systems span Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (23H2, 24H2, 25H2, 26H1), and Servers (2012, 2016, 2019, 2022, 2025). No workarounds exist; admins must deploy patches via Windows Update immediately.
A local user crafts malformed input to RasMan, forcing a null pointer read. The service dereferences it, triggering an unhandled exception and crash.
Restarting RasMan restores service temporarily, but repeated attacks sustain the DoS. Tools like fuzzers likely aided discovery, probing RasMan’s RPC interfaces.
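Because a restart only clears the condition until the next crash, a burst of unexpected RasMan terminations is the signal to watch for on hosts that are not yet patched. The following is an added example, not code from Microsoft or the original article: it assumes the crashes surface as Service Control Manager events 7031/7034 in the System log, and the export format, sample rows, threshold and time window are all constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Service Control Manager event IDs for "service terminated unexpectedly".
CRASH_EVENT_IDS = {7031, 7034}
SERVICE_NAME = "Remote Access Connection Manager"  # RasMan display name

# Constructed sample rows ("timestamp,event_id,service"); not real telemetry.
SAMPLE_EVENTS = """\
2026-02-11T09:14:02,7031,Remote Access Connection Manager
2026-02-11T09:14:40,7036,Remote Access Connection Manager
2026-02-11T09:15:10,7031,Remote Access Connection Manager
2026-02-11T09:15:12,7034,Print Spooler
2026-02-11T09:16:30,7031,Remote Access Connection Manager
2026-02-11T13:02:00,7034,Remote Access Connection Manager
"""

def parse_events(text):
    """Yield (timestamp, event_id, service) tuples, skipping malformed rows."""
    for line in text.splitlines():
        parts = line.strip().split(",", 2)
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), int(parts[1]), parts[2]
        except ValueError:
            continue

def find_crash_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """Return (first, last, count) per burst of >= threshold RasMan crashes."""
    recent, bursts = deque(), []
    for ts, event_id, service in sorted(events):
        if event_id not in CRASH_EVENT_IDS or service != SERVICE_NAME:
            continue
        recent.append(ts)
        # Drop crashes that have aged out of the sliding window.
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            if bursts and bursts[-1][1] >= recent[0]:
                # Still inside the previous burst: extend it.
                bursts[-1] = (bursts[-1][0], ts, bursts[-1][2] + 1)
            else:
                bursts.append((recent[0], ts, len(recent)))
    return bursts

if __name__ == "__main__":
    for first, last, count in find_crash_bursts(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT: {count} RasMan crashes between {first} and {last}")
```

A single isolated crash (the 13:02 row) does not alert; only the clustered terminations do, which matches the restart-and-crash-again pattern described above.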
This zero-day highlights RasMan’s long-standing exposure to flaws; an earlier one, CVE-2021-24087, also targeted it.
With attacks ongoing, unpatched systems risk outages. Microsoft urges priority deployment; check MSRC for details.
Stay vigilant: zero-days like this remind us that patching beats perfect security.
The post Windows Remote Access Connection Manager Zero-Day Enables DoS Attacks appeared first on Cyber Security News.