Microsoft has released urgent security updates to address a zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan).
Assigned the identifier CVE-2026-21525, this flaw is currently being exploited in the wild, meaning attackers were using it to target systems before a fix was available.
The vulnerability affects a wide range of Microsoft operating systems, including Windows 10, Windows 11, and Windows Server versions from 2012 to 2025.
Remote Access Connection Manager Zero-Day
The vulnerability is technically classified as a Null Pointer Dereference (CWE-476).
In simple terms, this error occurs when a computer program attempts to read from a nonexistent memory address, specifically, a value of “null” or zero.
| Metric | Detail |
|---|---|
| CVE ID | CVE-2026-21525 |
| Vulnerability Name | Windows Remote Access Connection Manager Denial of Service Vulnerability |
| Release Date | Feb 10, 2026 |
| Impact | Denial of Service (DoS) |
| Max Severity | Moderate |
| Weakness | CWE-476: NULL Pointer Dereference |
| CVSS Score | 6.2 (Base) / 5.4 (Temporal) |
Imagine a delivery driver (the software) who is given a package with a blank address label.
When the driver tries to read the label to determine the destination, they don’t know where to go and stop working.
In the computer world, when the RasMan service tries to access this “blank” memory location, it crashes.
This crash stops the service entirely, which is why it is classified as a Denial-of-Service (DoS) vulnerability.
According to the Microsoft disclosure, an attacker with local access to a machine can exploit this flaw to crash the RasMan service repeatedly.
While the attacker does not need special administrative privileges to trigger the crash, they do need to be logged onto the system (a “Local” attack vector).
The impact is rated as “High” for availability because exploiting this bug can disrupt all remote connections, potentially knocking a server offline or disconnecting users from vital networks.
Microsoft has credited the 0patch vulnerability research team for discovering this issue.
Because the flaw is confirmed to be exploited, administrators are urged to apply the security updates immediately. Patches are available for:
- Windows 11 (Versions 23H2, 24H2, 25H2, 26H1)
- Windows 10 (Versions 1607, 1809, 21H2, 22H2)
- Windows Server (2012, 2016, 2019, 2022, 2025)
Users should look for the February 10, 2026, security update in Windows Update to ensure their systems are protected against this active threat.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google
