Remote Access Connection Manager Archives

Winsage

February 12, 2026

February 2026 Patch Tuesday includes six actively exploited zero-days

Microsoft released security updates on the second Tuesday of each month, addressing 59 vulnerabilities this month, including six critical zero-day exploits. 1. CVE-2026-21510: Windows Shell security feature bypass vulnerability (CVSS score 8.8) allows attackers to circumvent Windows SmartScreen by tricking users into opening malicious links or shortcuts. 2. CVE-2026-21513: MSHTML Framework security feature bypass vulnerability (CVSS score 8.8) enables attackers to weaken browser protections by persuading users to open malicious HTML files or shortcuts. 3. CVE-2026-21514: Microsoft Word security feature bypass vulnerability (CVSS score 5.5) allows attackers to exploit untrusted inputs in malicious Word documents to execute blocked content. 4. CVE-2026-21519: Desktop Window Manager elevation of privilege vulnerability (CVSS score 7.8) allows low-privileged attackers to gain higher privileges without user interaction. 5. CVE-2026-21525: Windows Remote Access Connection Manager denial-of-service vulnerability (CVSS score 6.2) can be exploited by unauthenticated local attackers to crash the service without compromising confidentiality or integrity. 6. CVE-2026-21533: Windows Remote Desktop Services elevation of privilege vulnerability (CVSS score 7.8) allows local authenticated attackers to escalate privileges to SYSTEM without user interaction. Additionally, Azure users should be aware of two critical vulnerabilities with CVSS ratings of 9.8.

Winsage

February 11, 2026

Patch Tuesday, February 2026 Edition

Microsoft has released updates addressing over 50 vulnerabilities in its Windows operating systems and applications, including six critical zero-day vulnerabilities. 1. CVE-2026-21510: A security feature bypass in Windows Shell that allows execution of malicious content via a single click on a link, affecting all supported Windows versions. 2. CVE-2026-21513: Targets MSHTML, the web browser engine in Windows. 3. CVE-2026-21514: A security feature bypass in Microsoft Word. 4. CVE-2026-21533: Allows local attackers to gain SYSTEM level access in Windows Remote Desktop Services. 5. CVE-2026-21519: An elevation of privilege flaw in the Desktop Window Manager (DWM). 6. CVE-2026-21525: A potential denial-of-service threat in the Windows Remote Access Connection Manager. Additionally, the updates include fixes for remote code execution vulnerabilities affecting GitHub Copilot and various IDEs, specifically CVE-2026-21516, CVE-2026-21523, and CVE-2026-21256, which arise from a command injection flaw. Security experts emphasize the importance of safeguarding developers due to their access to sensitive data and recommend applying least-privilege principles.

Winsage

February 11, 2026

Microsoft fixes six actively exploited flaws in latest Windows 11 update

Microsoft's February 2026 Patch Tuesday addressed 59 vulnerabilities in Windows 11, with six confirmed as actively exploited. The most critical vulnerability is CVE-2026-21510, a Windows Shell security feature bypass with a CVSS rating of 8.8, allowing attackers to evade warnings by tricking users into opening malicious files. Another significant vulnerability, CVE-2026-21513, also rated at 8.8, affects MSHTML and allows remote attackers to bypass execution prompts through malicious code in HTML or shortcut files. CVE-2026-21514 impacts Microsoft Word and enables adversaries to disable OLE mitigations, posing risks through document-based attacks. Two local privilege escalation vulnerabilities are CVE-2026-21519 in Desktop Window Manager and CVE-2026-21533 in Windows Remote Desktop Services, with CVSS scores of 7.8. CVE-2026-21525 is a denial-of-service vulnerability in Remote Access Connection Manager. The update includes 53 additional vulnerabilities across various Microsoft products and services, with CVE-2026-21531 in Azure SDK rated at 9.8 and CVE-2026-20841 affecting Windows Notepad rated at 8.8. The cumulative update for Windows 11 (KB5077181) also includes enhancements and resolves WPA3 Wi-Fi connectivity issues. Microsoft reminded users of the June 2026 expiration of Secure Boot certificates, which requires timely updates to ensure secure booting. Users can install the updates via Windows Update.

Winsage

December 14, 2025

Windows Remote Access Connection Manager Vulnerabilities Let Attackers Escalate Privileges

On December 9, 2025, two privilege escalation vulnerabilities in the Windows Remote Access Connection Manager were identified as CVE-2025-62472 and CVE-2025-62474. Both vulnerabilities allow authorized attackers with minimal privileges to escalate their access to SYSTEM-level permissions. CVE-2025-62472 is due to mishandling of uninitialized resources and has a CVSS score of 7.8, classified as Important. CVE-2025-62474 results from inadequate access control mechanisms, also rated Important with a CVSS score of 7.8. Exploiting either vulnerability grants complete SYSTEM privileges, the highest level of access on Windows systems. Microsoft reported no public disclosures or active exploitation of these vulnerabilities at the time of the announcement. CVE-2025-62472 is assessed as “Exploitation More Likely,” while CVE-2025-62474 is “Exploitation Less Likely.” The vulnerabilities affect various Windows versions, including Windows Server editions from 2008 to 2025, and Windows 10 and 11 releases. Microsoft has issued security updates for all supported platforms, urging organizations to prioritize patching these vulnerabilities.

Winsage

December 12, 2025

New Windows RasMan zero-day flaw gets free, unofficial patches

Free unofficial patches are available for a newly identified Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service, which operates with SYSTEM-level privileges and manages VPN and remote network connections. This denial-of-service flaw was discovered by ACROS Security while investigating a previously patched privilege escalation vulnerability (CVE-2025-59230) in RasMan. The new zero-day has not yet received a CVE ID and affects all Windows versions from Windows 7 to Windows 11, including Windows Server 2008 R2 through Server 2025. The vulnerability can be exploited by unprivileged users due to a coding error in how RasMan processes circular linked lists, leading to a crash when a null pointer is encountered. ACROS Security is providing free micropatches through its 0Patch service until Microsoft releases an official fix. Users must create an account and install the 0Patch agent to apply the micropatch automatically.