Microsoft RasMan DoS 0-day gets unofficial patch - and a working exploit

A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release an official one - along with a working exploit circulating online.

Researchers from 0patch, the micropatching site, uncovered the denial-of-service (DoS) bug while investigating CVE-2025-59230, a Windows RasMan privilege escalation vulnerability that Redmond fixed in October, but not before attackers found and exploited the vulnerability.

RasMan is a critical Windows service that manages VPN and other remote network connections, and CVE-2025-59230 allows an authorized attacker to elevate privileges locally and gain SYSTEM privileges. It essentially takes advantage of the fact that when RasMan is not running, any process can impersonate RasMan and execute code on an RPC endpoint - a condition the exploit depends on.

The exploit is freely downloadable, so one can assume it has been ...