惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
宝玉的分享
宝玉的分享
酷 壳 – CoolShell
酷 壳 – CoolShell
T
The Exploit Database - CXSecurity.com
Help Net Security
Help Net Security
腾讯CDC
Project Zero
Project Zero
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tailwind CSS Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Threatpost
N
News | PayPal Newsroom
C
Cybersecurity and Infrastructure Security Agency CISA
Hacker News - Newest:
Hacker News - Newest: "LLM"
S
SegmentFault 最新的问题
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Proofpoint News Feed
A
Arctic Wolf
B
Blog RSS Feed
Forbes - Security
Forbes - Security
P
Privacy & Cybersecurity Law Blog
Attack and Defense Labs
Attack and Defense Labs
V2EX - 技术
V2EX - 技术
P
Proofpoint News Feed
I
Intezer
Application and Cybersecurity Blog
Application and Cybersecurity Blog
阮一峰的网络日志
阮一峰的网络日志
aimingoo的专栏
aimingoo的专栏
T
Tenable Blog
MyScale Blog
MyScale Blog
U
Unit 42
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
WordPress大学
WordPress大学
W
WeLiveSecurity
D
DataBreaches.Net
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY
有赞技术团队
有赞技术团队
Martin Fowler
Martin Fowler
罗磊的独立博客
The Last Watchdog
The Last Watchdog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
Vulnerabilities – Threatpost
美团技术团队
Microsoft Security Blog
Microsoft Security Blog

The Register - Security: Patches

Cisco SD-WAN make-me-root bug under attack Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9 AI is making Patch Tuesday (kinda) fun again Anthropic to release Mythos-class models to the public Clear your calendar, Drupal user: You have a critically urgent patch to install Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs Critical cPanel, WHM flaw probs exploited as 0-day, pros say Microsoft patch fell short. New Windows flaw exploited More Cisco SD-WAN bugs battered in attacks Critical Fortinet sandbox bugs allow auth bypass and RCE Ancient Excel bug comes out of retirement for active attacks Microsoft's massive Patch Tuesday: It's raining bugs Ransomware scum, other crims exploit 4 old Microsoft bugs Attackers exploited the FortiClient EMS bug as a 0-day Citrix NetScaler bug may be multiple flaws in one Ransomware crims abused Cisco 0-day weeks before disclosure Google rushes Chrome update to fix zero-days under attack CISA warns max-severity n8n bug is being exploited in the wild Cisco warns of two more SD-WAN bugs under active attack LexisNexis Legal & Professional confirms data breach Five Eyes warn: Patch your Cisco SD-WAN or risk root takeover Patch these 4 critical, make-me-root SolarWinds bugs ASAP Attacker gets into France's DB listing all bank accounts CISA gives feds 3 days to patch actively exploited Dell bug CISA gives feds 3 days to patch actively exploited Dell bug Google fixes exploited Chrome CSS zero-day Critical Microsoft bug from 2024 under exploitation Apple patches decade-old iOS zero-day exploited in the wild Microsoft's Valentine's gift to admins: 6 zero-day fixes Microsoft's Valentine's gift to admins: 6 zero-day fixes Critical SolarWinds Web Help Desk bug under attack Critical React Native Metro dev server bug under attack Critical React Native Metro dev server bug under attack OpenClaw patches one-click RCE as security Whac-A-Mole continues Ivanti's January bad luck continues as 0-days hit customers Critical VMware vCenter Server bug under attack Critical VMware vCenter Server bug under attack FortiGate SSO bug still exploitable despite December patch Ancient telnet bug happily hands out root to attackers Cisco plugs up Unified Comms zero-day under active exploit Cloudflare whacks WAF bypass bug that opened side door Cloudflare whacks WAF bypass bug that opened side door Anthropic quietly fixed flaws in its Git MCP server Sorry Dave, I’m afraid I can’t do that! PCs refuse to shut down after Microsoft patch Patch Tuesday update makes Windows PCs refuse to shut down Cisco finally fixes max-severity bug under active attack for weeks Cisco finally fixes max-severity bug under attack for weeks Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm Python libraries in AI/ML models can be poisoned w metadata Python libraries in AI/ML models can be poisoned w metadata Ruh-roh, there's a Cisco ISE bug POC on the loose Ruh-roh, there's a Cisco ISE bug POC on the loose CISA flags exploited Office relic alongside fresh HPE flaw Critical n8n bug allows unauthenticated server takeover Logitech mouse mayhem traced to expired dev certificate 'Heartbleed of MongoDB' under active exploit Microsoft fixes Message Queuing issue in new update Microsoft fixes Message Queuing issue in new update Critical-rated WatchGuard Firebox flaw under active attack HPE OneView RCE bug scores a perfect 10 Apple, Google forced to issue emergency 0-day patches Microsoft RasMan 0-day gets an unofficial patch and exploit New React vulns leak secrets, invite DoS attacks Google fixes super-secret 8th Chrome 0-day Microsoft fixes Windows shortcut flaw exploited for years Microsoft fixes Windows shortcut flaw exploited for years Two Android 0-day bugs patched, plus 105 more fixes Fortinet finally cops to critical bug under active exploit Cisco warns of 'new attack variant' battering firewalls Docker Compose vulnerability opens door to host-level writes Microsoft issues out-of-band patch for critical WSUS flaw Vulnerable Rust crate exposes uv Python packager Oracle rushes out another emergency E-Business Suite patch 50K Cisco firewalls remain vulnerable to advanced attacks Exploits using GoAnywhere perfect-10 bug confirmed Critical Cisco firewall holes under active attack SonicWall releases rootkit-busting firmware update SolarWinds patches critical RCE - for the third time Fortra discloses 10/10 severity bug in GoAnywhere MFT OpenAI plugs ShadowLeak bug in ChatGPT Google pushes emergency patch for Chrome 0-day Apple backports patch to older kit after 0-day exploitation
Microsoft RasMan DoS 0-day gets unofficial patch - and a working exploit
2025-12-13 · via The Register - Security: Patches

A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release an official one - along with a working exploit circulating online.

Researchers from 0patch, the micropatching site, uncovered the denial-of-service (DoS) bug while investigating CVE-2025-59230, a Windows RasMan privilege escalation vulnerability that Redmond fixed in October, but not before attackers found and exploited the vulnerability.

RasMan is a critical Windows service that manages VPN and other remote network connections, and CVE-2025-59230 allows an authorized attacker to elevate privileges locally and gain SYSTEM privileges. It essentially takes advantage of the fact that when RasMan is not running, any process can impersonate RasMan and execute code on an RPC endpoint - a condition the exploit depends on.

The exploit is freely downloadable, so one can assume it has been and will be obtained by many interested parties, possibly including malicious actors

"Consequently, a working exploit must therefore be able to (also) stop the RasMan service to release said RPC endpoint," ACROS Security CEO and 0patch co-founder Mitja Kolsek said in a Friday blog. "And this was the second, non-obvious vulnerability that the CVE-2025-59230 exploit we had found utilizes: one that allows an unprivileged user to crash the RasMan service. Without this capability, CVE-2025-59230 could hardly be exploited." 

This new vulnerability hasn't yet been assigned a CVE and remains unpatched across all Windows versions. While Kolsek said he alerted the Windows giant about the security hole, "we have no feedback on patching from Microsoft," he told The Register.

We also reached out to Microsoft about assigning a CVE and issuing a patch and didn't receive a response.

Kolsek told us that, while his company has no evidence of this zero-day being exploited in the wild, "we did find a working exploit on the internet that has not been detected as malicious by any malware detection engines. The exploit is freely downloadable, so one can assume it has and will be obtained by many interested parties, possibly including malicious actors."

The flaw, as Kolsek explained in the blog, is due to a coding issue in processing circular linked lists. The service traverses the list in a loop, and it's supposed to exit once the list has been traversed - but it can't exit the loop if the pointer is null.

"This causes memory access violation and crashes the RasMan service," Kolsek wrote.

The patch, and all of those pushed by 0patch, are free until and unless the vendor - Microsoft, in this case - issues an official patch. To get it, you must sign up for a free trial at 0patch Central. ®

Updated to add at 2230 GMT on December 15, 2025

After publication, a Microsoft spokesperson told The Register: "We are aware of the denial-of-service issue as reported and will address this in a future fix. Customers who have applied the October patches for CVE-2025-59230 are protected against exploitation of the issue for Elevation of Privilege (EoP)."