CVE-2026-21525 - Microsoft Windows NULL Pointer Dereference Vulnerability
Project:Microsoft
Product:Windows
Date Added:2026-02-10Due Date:2026-03-03Last Updated:February 10, 2026
Vulnerability Name
Microsoft Windows NULL Pointer Dereference Vulnerability
Description
Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525
https://nvd.nist.gov/vuln/detail/CVE-2026-21525
Related News Articles
Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-DaysFebruary 11, 2026