On February 10, 2026, Microsoft released urgent fixes for a zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service This article explores rasman service vulnerability. . This vulnerability, known as CVE-2026-21525, is actively used in the wild to allow attackers to crash systems and interfere with remote connections.

RasMan is essential for networked environments because it manages remote access features like dial-up and VPNs. The bug is caused by a null pointer dereference (CWE-476), in which the service attempts to read a memory address that does not exist. Imagine a GPS app guiding a driver to a blank spot; this would cause the entire navigation to freeze. RasMan can be stopped and remote sessions can be terminated by attackers with local access (no administrator privileges are required).

A denial-of-service (DoS) situation is produced, which could cause servers to go down or users to be cut off from vital networks. It prevents code execution and data theft, but because of its "High" availability impact, it poses a serious risk to businesses. Microsoft's disclosure acknowledges exploitation and attributes the discovery to the 0patch research team.

The CVSS score sits at 6.2 (Base)/5.4 (Temporal), rated Moderate overall but serious for uptime-dependent ops.

Metric Specifics Vulnerability Name: Windows Remote Access Connection Manager CVE ID: CVE-2026-21525 Date of Denial of Service Vulnerability Publication: February 10, 2026 Denial of Service (DoS) Impact Maximum Severity Moderate Weakness CWE-476: Attack with NULL Pointer Dereference CVSS Score 6.2 (Base) / 5.4 (Temporal) Local Vector Privileges Necessary Systems Without Impact Windows 11 (23H2, 24H2, 25H2, 26H1), Windows 10 (1607, 1809, 21H2, 22H2), and Servers (2012, 2016, 2019, 2022, 2025). There are no workarounds; administrators must use Windows Update to apply patches right away. A null pointer read is forced when a local user creates distorted input for RasMan.

It is dereferenced by the service, which results in an unhandled exception and crash. Service is momentarily restored by restarting RasMan, but the DoS is maintained by persistent attacks. By probing RasMan's RPC interfaces, tools like fuzzers probably helped with discovery.

Install the February 10 patch by running Windows Update. Keep an eye out for RasMan crashes (Event ID 7024) in the event logs. Use Group Policy to restrict local logins on servers.

To identify questionable RasMan interactions, use endpoint detection. RasMan's historical vulnerability to vulnerabilities such as CVE-2021-24087, which also targeted it, is highlighted by this zero-day. Unpatched systems run the risk of outages due to ongoing attacks. Microsoft recommends deployment as a top priority; see MSRC for more information.

Keep an eye out; zero-days like this one serve as a reminder that patching is preferable to perfect security.