Vulnerability | International | Le Monde Informatique
Unofficial Patches Fix a Critical Vulnerability in Windows RasMan
Wednesday, December 17, 2025
What
A zero-day vulnerability was found in the RasMan service of Windows that allows for denial of service and privilege escalation.
Where
Affects all versions of Windows from Windows 7 to Windows 11 and Windows Server 2008 R2 to Server 2025 globally.
When
The vulnerability was discovered recently, with Microsoft expected to release a patch on January 13, 2026.
Key Factors
- The vulnerability allows attackers to crash the RasMan service, which manages VPN and other remote connections.
- It is triggered by a logical error in the code when processing commands.
- Acros Security has provided unofficial patches for affected systems until Microsoft releases an official fix.
Takeaways
- Organizations should apply the unofficial patches provided by Acros Security to mitigate the risk until an official fix is available.
- This incident highlights the importance of timely patch management and the risks associated with critical system services.
- Regularly review and update security policies to address emerging vulnerabilities and ensure systems are protected.