Tag: 0patch
-
Unpatched RasMan Zero-Day Allows Local System Takeover via DoS Crash and RPC Spoofing
The 0patch team has reported that while analyzing CVE-2025-59230 in the Windows Remote Access Connection Manager (RasMan)—a flaw Microsoft addressed with its October 2025 updates—researchers uncovered a working exploit that enables local code execution as Local System from an unprivileged user account. Alongside it, however, they identified a second issue: the exploit relied on a…
-
Windows RasMan Zero-Day: New DoS Flaw Crashes Service, Unofficial Fix Available
A newly discovered flaw in the Windows Remote Access Connection Manager (RasMan) service allows the operating system to be disrupted without administrative privileges. A free, unofficial fix is already available, while Microsoft prepares its own official remedy. RasMan is a core Windows service that starts automatically, runs with SYSTEM privileges, and manages VPN, PPPoE, and…
-
Microsoft Finally Patches LNK Flaw (CVE-2025-9491) Exploited by Spies Since 2017
Microsoft has quietly patched a long-standing flaw in Windows that had been exploited in real-world attacks for several years. The fix arrived in the November Patch Tuesday release, even though the company had previously shown little urgency in addressing the issue. The development came to light through data from 0patch, which reported that various threat…