How can I fix the Windows RasMan zero-day vulnerability before Microsoft updates?

Home » Cybersecurity » How can I fix the Windows RasMan zero-day vulnerability before Microsoft updates?

Table of Contents

Is your PC vulnerable to the new RasMan denial-of-service attack?
Understanding the Threat Landscape
The Origin of the Vulnerability
The New Discovery
Immediate Mitigation Strategy
Access and Cost
Implementation
Affected Configurations

Is your PC vulnerable to the new RasMan denial-of-service attack?

A new zero-day vulnerability currently threatens the Windows Remote Access Connection Manager (RasMan). This flaw allows attackers to crash the service through a Denial of Service (DoS) attack. No official CVE identifier exists yet. Microsoft has not released a patch. You remain vulnerable unless you apply third-party mitigation. ACROS Security provides a free solution. Their “micropatch” secures systems immediately.

Understanding the Threat Landscape

The Origin of the Vulnerability

Security researchers at ACROS Security identified this flaw while analyzing a previous issue. Microsoft released security updates on October 14, 2025, to address CVE-2025-59230. That specific vulnerability allowed local attackers to gain SYSTEM privileges. It carried a severity score of 7.8 (Important) and had seen active exploitation.

The New Discovery

While examining the fix for CVE-2025-59230, specialists found a secondary issue. The exploit code used to test the original vulnerability revealed a residual flaw. This unpatched weakness allows a non-privileged user to crash the RasMan service entirely. This disrupts remote connectivity services on the host machine.

Immediate Mitigation Strategy

You do not need to wait for Microsoft’s official update cycle. ACROS Security has released a micropatch via their 0patch platform. This lightweight fix injects an additional logic check into the RasMan process. This check prevents the crash sequence from executing.

Access and Cost

The developer has made this specific fix available to all users. This includes 0patch FREE, PRO, and Enterprise accounts. The patch remains free until Microsoft distributes an official remedy.

Implementation

If you currently use the 0patch agent, your system applies the fix automatically. Administrators managing Enterprise groups can block the update if necessary, though this is not recommended.

Affected Configurations

The vulnerability affects a broad spectrum of Windows environments. The micropatch supports the following fully updated versions:

Workstations:

Windows 11: Versions 21H2 through 25H2
Windows 10: Versions 1803 through 22H2
Windows 7: All updates (including those without ESU)

Servers:

Windows Server 2025
Windows Server 2022, 2019, 2016
Windows Server 2012 / 2012 R2: (including those without ESU)
Windows Server 2008 R2: (including those without ESU)

ACROS Security reports that 40% of their user base utilizes this protection on modern, supported systems like Windows 11 25H2. This demonstrates that third-party micropatching is a viable strategy for securing “supported” OS versions against zero-day threats, not just legacy systems.