CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Mar 3, 2026
Description
Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
EPSS — Exploit Probability
Higher than 87.2% of all CVEs
Required Action
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
Related Articles (2)
Patch Tuesday, February 2026 Edition
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.
Feb 10, 2026
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
Today is Microsoft's March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities.
Mar 10, 2026
Risk Assessment
ELEVATEDDetails
- Severity
- High
- EPSS
- 3.4%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 2
Timeline
Published
Feb 10, 2026
Added to KEV
Feb 10, 2026
Remediation Due
Mar 3, 2026