A major security flaw has been discovered in the Windows system, potentially exposing millions of users to crash risks. While Microsoft has not yet responded, a Slovenian company has taken the lead to offer a temporary solution. Here are the details of this vulnerability and the recommended measures to protect yourself.
The 3 must-know facts
In December 2025, ACROS Security researchers discovered a vulnerability in the Windows Remote Access Connection Manager (RASMan) service. This service is crucial for managing VPN connections and remote access on modern Windows systems. The flaw allows a malicious user to cause a system crash by forcing a memory access error.
The problem results from a coding error where a loop does not stop correctly, leading to a crash. This vulnerability, although it has not yet received an official CVE identifier, is already being exploited by malicious individuals online.
Faced with Microsoft’s inaction, ACROS Security took the initiative to develop a temporary fix for this flaw. Available via their 0patch platform, this fix is designed to be applied directly in memory, thus avoiding modifications to system files and the need to restart the computer.
The founder of ACROS Security, Mitja Kolsek, expressed his frustration with Microsoft’s lack of communication. He encourages users to register for free on 0patch Central to benefit from this fix while waiting for an official solution.
The discovery of this flaw becomes even more concerning when combined with the CVE-2025-59230 vulnerability, which allows privilege escalation. Exploiting the latter requires RASMan to be stopped, a condition the new flaw easily creates.
By combining these vulnerabilities, an attacker can impersonate the service and gain system privileges, thus turning the theoretical threat into a real and dangerous attack.
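Because the chain described above depends on RASMan being stopped, an unexpected termination of that service is worth triaging. The following is an added example, not code from the article, ACROS Security or Microsoft: it filters exported System-log records for Service Control Manager events 7031 and 7034 that name the Remote Access Connection Manager service. The JSON-lines export format, its field names and the sample records are assumptions constructed for illustration.

```python
import json
from datetime import datetime

# Service Control Manager IDs logged when a service terminates unexpectedly.
SCM_CRASH_IDS = {7031, 7034}
RASMAN_DISPLAY_NAME = "Remote Access Connection Manager"

# Constructed sample: System-log records exported as JSON lines (field names assumed).
SAMPLE_LOG = """\
{"time": "2025-12-15T09:12:03", "host": "WS-014", "provider": "Service Control Manager", "id": 7036, "message": "The Remote Access Connection Manager service entered the running state."}
{"time": "2025-12-15T10:41:27", "host": "WS-014", "provider": "Service Control Manager", "id": 7031, "message": "The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service."}
{"time": "2025-12-15T10:50:00", "host": "WS-031", "provider": "Service Control Manager", "id": 7034, "message": "The Print Spooler service terminated unexpectedly. It has done this 1 time(s)."}
{"time": "2025-12-15T10:58:19", "host": "WS-0
{"time": "2025-12-15T11:05:44", "host": "WS-022", "provider": "Service Control Manager", "id": 7034, "message": "The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s)."}
{"time": "2025-12-15T10:44:02", "host": "WS-014", "provider": "Service Control Manager", "id": 7031, "message": "The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service."}
"""

def parse_events(text):
    """Parse JSON-lines records, skipping truncated or malformed lines."""
    events = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
            rec["time"] = datetime.fromisoformat(rec["time"])
        except (ValueError, KeyError, TypeError):
            continue  # damaged export line: ignore rather than abort the scan
        events.append(rec)
    return events

def rasman_crashes(events):
    """Keep only unexpected terminations of the RASMan service."""
    return [e for e in events
            if e.get("provider") == "Service Control Manager"
            and e.get("id") in SCM_CRASH_IDS
            and RASMAN_DISPLAY_NAME in e.get("message", "")]

def crash_times_by_host(events):
    """Group RASMan crash timestamps per host, oldest first, for triage."""
    grouped = {}
    for e in rasman_crashes(events):
        grouped.setdefault(e["host"], []).append(e["time"])
    return {host: sorted(times) for host, times in grouped.items()}

if __name__ == "__main__":
    for host, times in crash_times_by_host(parse_events(SAMPLE_LOG)).items():
        print(host, len(times), "RASMan crash(es), first at", times[0].isoformat())
```

A hit only shows that the service died unexpectedly; whether it was a deliberate crash or an ordinary fault has to be established from other evidence on the host.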
Microsoft, one of the largest technology companies in the world, has often faced security issues in its operating systems. Since the creation of the Windows system, the company has had to manage several critical vulnerabilities, sometimes exploited before an official fix was released.
Managing security flaws is a constant challenge for Microsoft, which must balance the speed of implementing fixes with the need to ensure the stability of its systems. However, the company has implemented bug bounty programs and other initiatives to encourage security researchers to report vulnerabilities responsibly.