Microsoft’s Unpatched Windows Flaw Gets Unofficial Fix

According to TheRegister.com, a new Microsoft zero-day vulnerability that lets any unprivileged user crash the critical Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch from micropatching firm 0patch. The flaw was discovered in December 2025 by 0patch researchers while investigating a related, patched bug from October 2025, CVE-2025-59230. ACROS Security CEO and 0patch co-founder Mitja Kolsek stated they have no feedback from Microsoft on an official patch, and the vulnerability remains unpatched across all Windows versions without even a CVE assigned. Kolsek also confirmed a working exploit is freely downloadable online and, crucially, hasn’t been detected as malicious by any malware detection engines. The exploit is necessary to leverage the older CVE-2025-59230 for full SYSTEM privilege escalation. The unofficial patches are free until Microsoft releases an official fix.

The Silent Ticking Clock

Here’s the thing that makes this situation particularly tense. The exploit is already out there, and it’s flying completely under the radar of every antivirus and security product. That’s a huge red flag. It means that right now, any malicious actor who finds that download can potentially use it without setting off alarms. And because it’s a denial-of-service bug that crashes a core networking service, it could be used for anything from simple disruption to setting the stage for a more severe attack. The fact that it’s a prerequisite for exploiting the older, more dangerous privilege escalation bug is what turns this from a nuisance into a real problem. Basically, one flaw unlocks the other.
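The exploit may slip past every malware engine, but a crash of a Windows service still leaves a trace: the Service Control Manager writes a "service terminated unexpectedly" event to the System log. That makes host telemetry the practical way to spot this bug being triggered. The PowerShell script below is an added example, not code from the article or from 0patch. It looks for those events (IDs 7034, and 7031 when a recovery action is configured) for the Remote Access Connection Manager service and reports the service's current state. The look-back window, the alert threshold and the commented-out auto-restart mitigation are assumptions for illustration.

```powershell
# Added example (not from the article or 0patch): look for unexpected
# terminations of the Remote Access Connection Manager (RasMan) service
# in the System event log and report the service's current state.
#
# Event 7034: "The <service> service terminated unexpectedly."
# Event 7031: same, but a recovery action (e.g. restart) is configured.
# The look-back window and alert threshold are assumed defaults.

param(
    [int]$LookBackHours = 24,
    [int]$AlertThreshold = 1
)

$serviceName = 'RasMan'
$displayName = 'Remote Access Connection Manager'
$since = (Get-Date).AddHours(-$LookBackHours)

# Query SCM crash events. Get-WinEvent reports "no events found" as an
# error rather than an empty result, so that case is suppressed.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7031, 7034
    StartTime    = $since
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$displayName*" } |
    Sort-Object TimeCreated)

$crashCount = $events.Count
$svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
$state = if ($svc) { $svc.Status } else { 'NotFound' }
$firstCrash = if ($crashCount) { $events[0].TimeCreated } else { $null }
$lastCrash  = if ($crashCount) { $events[-1].TimeCreated } else { $null }

[pscustomobject]@{
    Service      = $serviceName
    CurrentState = $state
    Crashes      = $crashCount
    Window       = "last $LookBackHours h"
    FirstCrash   = $firstCrash
    LastCrash    = $lastCrash
} | Format-List

if ($crashCount -ge $AlertThreshold) {
    $msg = 'RasMan terminated unexpectedly {0} time(s) in the last {1} h; ' +
           'correlate with process creation events around those timestamps.'
    Write-Warning ($msg -f $crashCount, $LookBackHours)
    # Optional stopgap until an official fix ships (run elevated): have SCM
    # restart the service automatically so a crash causes a brief outage
    # rather than a persistent one. Assumed to be acceptable for your host.
    # sc.exe failure RasMan reset= 86400 actions= restart/5000/restart/5000/restart/5000
    exit 1
}
exit 0
```

Save the block as a .ps1 and run it on a schedule, or point a SIEM rule at the same two event IDs with the service display name in the message. The script only tells you that RasMan died, not why; a single crash in a day of normal VPN churn is not proof of exploitation, so tune the threshold to the host's baseline. The commented sc.exe line reduces the disruptive effect of the denial of service; it does nothing against the privilege-escalation chain the article describes, which is what the micropatch or an official fix addresses.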

The Unofficial Patch Dilemma

So we have a free patch from 0patch, but you have to sign up for their platform to get it. This puts users and IT admins in a tough spot. Do you trust and deploy a third-party micropatch for a critical Microsoft service? Or do you wait, hoping Microsoft moves faster than the bad guys? For large enterprises, the compliance and stability questions around an unofficial fix are a nightmare. But the alternative, leaving a known hole open with a public exploit, is arguably worse. It’s a classic rock-and-a-hard-place scenario for sysadmins, especially those managing infrastructure where stability is non-negotiable. Think about industrial control systems or manufacturing floors that rely on stable Windows environments for machine operation: this is the kind of vulnerability that keeps operations teams up at night.

Microsoft’s Radio Silence

Now, the most concerning part might be the complete lack of communication from Redmond. No CVE, no patch timeline, not even an acknowledgment in a security advisory. This silence creates a vacuum. It leaves everyone guessing about the severity in Microsoft’s eyes and their response timeline. Is it coming in next Tuesday’s Patch Tuesday, or months from now? This isn’t just about one bug; it’s about the process. When independent researchers responsibly disclose a flaw with a working exploit in the wild, what’s an acceptable response time? A week? A day? The clock started ticking the moment 0patch reported it, and every day without a formal fix or guidance is a day the risk grows. Organizations are left to make their own risk calculations with incomplete information, and that’s never a good place to be.
