Microsoft Issues Emergency Patch for Critical Windows 11 RRAS Vulnerabilities

On March 13, 2026, Microsoft issued an out-of-band hotpatch update, KB5084597, for Windows 11 versions 24H2 and 25H2. The release addresses three critical security vulnerabilities in the Windows Routing and Remote Access Service (RRAS) management tool and, as a hotpatch, takes effect without a system restart.

Understanding the RRAS Vulnerabilities

The RRAS component is integral to managing remote connectivity and VPN functionalities in both enterprise and consumer settings. The identified vulnerabilities, cataloged as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, present significant security risks:

– CVE-2026-25172: This flaw allows a malicious remote server to disrupt RRAS operations or execute arbitrary code on a connected device.

– CVE-2026-25173: Similar to the previous flaw, this vulnerability enables remote code execution or denial-of-service conditions when a victim connects to an attacker-controlled server.

– CVE-2026-26111: An additional issue that, under certain conditions, could permit code execution, compounding the risks associated with the aforementioned flaws.

In each scenario, attackers can set up rogue servers and wait for users or administrators utilizing the RRAS management tool to connect. Upon connection, the attacker can disrupt service functionality or execute malicious code on the victim’s machine, posing a severe threat, especially in enterprise environments where remote access management is routine.

The Advantage of Hotpatching

Unlike standard monthly security updates, hotpatches are designed to apply critical fixes to running processes in memory without interrupting workflows. Devices enabled for hotpatching receive and install the update silently, with no restart required for it to take effect. This approach significantly reduces downtime, which is particularly valuable for enterprise deployments managing large fleets of machines.

Applicability and Deployment

This update applies to:

– Windows 11, version 25H2 (OS Build 26200.7982)

– Windows 11, version 24H2 (OS Build 26100.7982)

– Both x64 and Arm64 architectures are covered

For hotpatch-enabled devices, the update is downloaded and installed automatically through Windows Update, with no manual intervention required. Administrators can also obtain the package from the Microsoft Update Catalog or distribute it through Windows Server Update Services (WSUS) in managed environments.

Ensuring System Security

Microsoft reports no known issues with this update at the time of publication. Devices that have already applied previous updates will only download the new changes included in this package. Security teams should verify that hotpatch functionality is enabled across eligible endpoints. For organizations that rely heavily on RRAS for remote access management, confirming the installation of updates should be a priority, given the potential for remote code execution these vulnerabilities pose.
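A way to confirm that an endpoint has reached the KB5084597 build level, as an added example that is not part of the article and is not Microsoft tooling. It reads the build number and update build revision (UBR) from the standard CurrentVersion registry key and compares them against the OS builds the article lists (26200.7982 for 25H2, 26100.7982 for 24H2); the function and variable names are the example's own, and the script assumes it runs locally on the Windows 11 device being checked.

```powershell
# Added example (not from the article or from Microsoft): verify that a Windows 11
# 24H2/25H2 host is at or above the KB5084597 build level named in the article.
# Assumes local execution on the device under test.

# Required update build revision per base build (values from the article).
$requiredUbr = @{
    '26200' = 7982   # Windows 11 25H2 (OS Build 26200.7982)
    '26100' = 7982   # Windows 11 24H2 (OS Build 26100.7982)
}

function Get-OsBuildInfo {
    # CurrentBuild and UBR together form the "OS Build" shown in winver.
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        DisplayVersion = $cv.DisplayVersion    # e.g. 24H2 or 25H2
        CurrentBuild   = [string]$cv.CurrentBuild
        Ubr            = [int]$cv.UBR          # update build revision
    }
}

function Test-Kb5084597Installed {
    param([pscustomobject]$Build = (Get-OsBuildInfo))

    if (-not $requiredUbr.ContainsKey($Build.CurrentBuild)) {
        return [pscustomobject]@{
            Applicable = $false
            Compliant  = $null
            Reason     = "Build $($Build.CurrentBuild) is not Windows 11 24H2/25H2"
        }
    }

    $needed = $requiredUbr[$Build.CurrentBuild]
    [pscustomobject]@{
        Applicable = $true
        Compliant  = ($Build.Ubr -ge $needed)
        Reason     = "Installed $($Build.CurrentBuild).$($Build.Ubr); required $($Build.CurrentBuild).$needed"
    }
}

# Secondary check. Get-HotFix queries Win32_QuickFixEngineering, which does not
# necessarily list every hotpatch package, so the build comparison above is the
# authoritative signal and this is only corroboration.
$hotfix = Get-HotFix -Id 'KB5084597' -ErrorAction SilentlyContinue

$result = Test-Kb5084597Installed
$result | Format-List

if ($hotfix) {
    "Get-HotFix also reports KB5084597 (installed $($hotfix.InstalledOn))"
}
elseif ($result.Applicable -and -not $result.Compliant) {
    Write-Warning 'Device is below the KB5084597 build level; check Windows Update and hotpatch enrollment.'
}
```

Reading the registry key does not require elevation. To sweep a fleet rather than one machine, the same function body can be passed to Invoke-Command with a list of computer names and the per-host objects collected into a single report; hosts that return Applicable but not Compliant are the ones still exposed to the RRAS flaws.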