Microsoft releases OOB hotpatch for Windows 11 RRAS RCE vulnerabilities

First reported

14.03.2026 23:48

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

Microsoft has released an out-of-band (OOB) hotpatch update (KB5084597) for Windows 11 Enterprise devices to address critical remote code execution (RCE) vulnerabilities in the Routing and Remote Access Service (RRAS) management tool. The vulnerabilities, tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, could allow remote code execution when connecting to a malicious server. The hotpatch update is designed for devices using hotpatch updates instead of regular Patch Tuesday cumulative updates, ensuring no reboot is required for mission-critical systems.

Timeline

14.03.2026 23:48 1 articles · 22h ago

Microsoft releases OOB hotpatch for Windows 11 RRAS RCE vulnerabilities
Microsoft has released an out-of-band hotpatch update (KB5084597) to address critical remote code execution (RCE) vulnerabilities in the Routing and Remote Access Service (RRAS) management tool for Windows 11 Enterprise devices. The vulnerabilities, tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, were previously fixed in the March 2026 Patch Tuesday updates. The hotpatch update is designed for devices using hotpatch updates and managed through Windows Autopatch, ensuring no reboot is required for mission-critical systems.
Show sources

Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw — www.bleepingcomputer.com — 14.03.2026 23:48
Open in new tab

Information Snippets

The vulnerabilities affect Windows 11 Enterprise devices running hotpatch updates and used for remote server management.
First reported: 14.03.2026 23:48

1 source, 1 article
Show sources
- Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw — www.bleepingcomputer.com — 14.03.2026 23:48
The hotpatch update KB5084597 is cumulative and includes all fixes from the March 2026 Patch Tuesday update.
First reported: 14.03.2026 23:48

1 source, 1 article
Show sources
- Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw — www.bleepingcomputer.com — 14.03.2026 23:48
The vulnerabilities can be exploited by an attacker authenticated on the domain by tricking a domain-joined user into sending a request to a malicious server via the RRAS Snap-in.
First reported: 14.03.2026 23:48

1 source, 1 article
Show sources
- Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw — www.bleepingcomputer.com — 14.03.2026 23:48
The hotpatch update will only be offered to devices enrolled in the hotpatch update program and managed through Windows Autopatch.
First reported: 14.03.2026 23:48

1 source, 1 article
Show sources
- Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw — www.bleepingcomputer.com — 14.03.2026 23:48