A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release an official one - along with a working exploit circulating online.

Researchers from 0patch, the micropatching site, uncovered the denial-of-service (DoS) bug while investigating CVE-2025-59230 , a Windows RasMan privilege escalation vulnerability that Redmond fixed in October, but not before attackers found and exploited the vulnerability.

RasMan is a critical Windows service that manages VPN and other remote network connections, and CVE-2025-59230 allows an authorized attacker to elevate privileges locally and gain SYSTEM privileges. It essentially takes advantage of

See Full Page