Microsoft releases Windows 11 emergency patch to fix remote code execution bug


Microsoft has released an out-of-band update, KB5084597, to fix three remote code execution vulnerabilities in the Windows Routing and Remote Access Service (RRAS) management tool. The update is aimed at Windows 11 Enterprise devices enrolled in the hotpatch program that did not receive the fixes through the standard March 2026 Patch Tuesday cumulative update.

The three vulnerabilities are tracked as CVE-2026-25172, CVE-2026-25173 and CVE-2026-26111. All three were addressed in the March 10 Patch Tuesday release for standard Windows 11 devices.

How attackers can exploit these RRAS vulnerabilities

According to Microsoft's advisory, an attacker who is authenticated to the domain could exploit these flaws by tricking a domain-joined user into connecting to a malicious server through the RRAS management plugin. Successful exploitation allows remote code execution on the device running the management tool, not on the RRAS server being managed.

Microsoft says the issue applies only to enterprise client devices receiving hotpatch updates that are used for remote server management.

Why a separate patch was needed

Standard cumulative updates require a device restart to apply fixes. Hotpatch updates work differently: they apply vulnerability fixes as in-memory patches to running processes, so the fix takes effect immediately without a reboot. The patched files are also written to disk so that the fixes persist after the next scheduled reboot.

This approach is designed for mission-critical devices where unscheduled reboots are not practical. Microsoft notes that it had previously released hotfixes for these same vulnerabilities, but republished KB5084597 to ensure coverage for all affected scenarios.

Affected Windows 11 versions and deployment

The update applies to Windows 11 versions 24H2 and 25H2, as well as Windows 11 Enterprise LTSC 2024. KB5084597 is cumulative and includes all fixes from the March 2026 security update.

The hotpatch update is only offered to devices enrolled in the hotpatch update program and managed through Windows Autopatch. On enrolled devices, installation is automatic and does not require a reboot. Devices not enrolled in the program received the fixes via the standard Patch Tuesday update on March 10.
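The two preceding sections describe which releases are eligible for the hotpatch and how the fix lands without a reboot. The following PowerShell script is an added verification example, not code from the article or from Microsoft. It reports whether a device is on one of the releases named above and whether KB5084597 appears in the installed-update inventory. The build numbers (26100 for 24H2 and Enterprise LTSC 2024, 26200 for 25H2) and the use of the Windows Update Agent history as a second source of KB identifiers are assumptions of this example; the article does not name the March cumulative update's KB number, so that is left as a parameter the administrator fills in from Microsoft's release notes.

```powershell
# Added example (not from the article or Microsoft): check hotpatch eligibility and
# whether the RRAS fix KB5084597 is present on this Windows 11 device.
param(
    # KB number of the March 2026 cumulative update, taken from Microsoft's release
    # notes. Left empty here because the article does not state it.
    [string]$CumulativeKb = ''
)

$HotpatchKb = 'KB5084597'

# Assumed mapping of OS build numbers to the releases named in the article.
$EligibleBuilds = @{
    26100 = 'Windows 11 24H2 / Enterprise LTSC 2024'
    26200 = 'Windows 11 25H2'
}

function Get-InstalledKbIds {
    # Collect KB identifiers from two sources: the QuickFixEngineering inventory
    # (Get-HotFix) and the Windows Update Agent install history (COM API).
    $ids = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)

    foreach ($fix in Get-HotFix) {
        [void]$ids.Add($fix.HotFixID)
    }

    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    $count    = $searcher.GetTotalHistoryCount()
    if ($count -gt 0) {
        foreach ($entry in $searcher.QueryHistory(0, $count)) {
            # Operation 1 = installation, ResultCode 2 = succeeded.
            if ($entry.Operation -ne 1 -or $entry.ResultCode -ne 2) { continue }
            # Update titles carry the KB number in parentheses; pull every KB token.
            foreach ($m in [regex]::Matches($entry.Title, 'KB\d{6,7}')) {
                [void]$ids.Add($m.Value)
            }
        }
    }
    return $ids
}

$os    = Get-CimInstance -ClassName Win32_OperatingSystem
$build = [int]$os.BuildNumber
$kbs   = Get-InstalledKbIds

$eligible = $EligibleBuilds.ContainsKey($build)
$hotpatchInstalled   = $kbs.Contains($HotpatchKb)
$cumulativeInstalled = if ($CumulativeKb) { $kbs.Contains($CumulativeKb) } else { $null }

# The Windows Update client sets this key when an installed update still needs a restart;
# a hotpatch-only device should normally not have it after KB5084597.
$rebootPending = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'

[pscustomobject]@{
    ComputerName          = $env:COMPUTERNAME
    OsCaption             = $os.Caption
    Build                 = $build
    HotpatchEligible      = $eligible
    Release               = if ($eligible) { $EligibleBuilds[$build] } else { 'not a release named in the advisory' }
    HotpatchKbInstalled   = $hotpatchInstalled
    CumulativeKbInstalled = $cumulativeInstalled
    RebootPending         = $rebootPending
    RrasFixPresent        = ($hotpatchInstalled -or ($cumulativeInstalled -eq $true))
} | Format-List
```

Run it in an elevated PowerShell session; the Windows Update history query is the slow part on long-lived machines. A device that reports `HotpatchEligible` true but neither KB present is the case the out-of-band release was meant to cover and should be checked against its Autopatch enrollment.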


