1 hour ago
Quote: Microsoft has released an out-of-band hotpatch update, KB5084597, to fix three remote code execution vulnerabilities in the Windows Routing and Remote Access Service (RRAS) management tool. The update targets Windows 11 Enterprise devices enrolled in the hotpatch program that did not receive the fixes through the standard March 2026 Patch Tuesday cumulative update.
The three vulnerabilities are tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111. All three were addressed in the March 10 Patch Tuesday release for standard Windows 11 devices.
How Attackers Can Exploit These RRAS Vulnerabilities
According to Microsoft's advisory, an attacker authenticated on the domain could exploit these flaws by tricking a domain-joined user into sending a request to a malicious server through the RRAS snap-in. Successful exploitation allows remote code execution on the affected device.
Microsoft states the issue applies only to Enterprise client devices running hotpatch updates and used for remote server management.