Find notable cyber news and cases, enriched with sources, timelines, and signals.

Windows RRAS management tool remote code execution flaws (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 26
1 unique sources, 1 articles

Summary

Hide ▲

Windows 11 Enterprise devices using the Windows Routing and Remote Access Service (RRAS) management tool were affected by flaws that could enable remote code execution when a user connects to a malicious server. Microsoft addressed the vulnerabilities with KB5084597 and identified them as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111.

Related Happenings

Microsoft extends Windows Server 2022 Hotpatch support through October 2027 for enrolled Azure Edition servers

Security Tool/Service
H score11 First: 29.06.2026 20:11 Last: 29.06.2026 20:11 Sources 1

About this happening: Microsoft has extended **Windows Server 2022 Hotpatch** support through **October 2027**, preserving **monthly security updates without restarts** for enrolled servers and reducin...

Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw

Vulnerability
H score39 First: 10.06.2026 02:11 Last: 10.06.2026 02:11 Sources 1

About this happening: Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...

Latest development: 10.06.2026 08:22

The anonymous security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, released a proof-of-concept (PoC) exploit for the Microsoft Defender zero-day RoguePlanet under a new GitHub account named MSNightmare. The race-condition exploit can yield a SYSTEM-level shell and arbitrary code execution when it succeeds, has been tested on Windows 11 and Windows 10 with the June 2026 Patch Tuesday updates installed, and currently does not work on Windows Server without redesign because standard users cannot mount an ISO image.

Microsoft Windows Known Issue Rollback guidance for KB5089549

Advisory/Mitigation
H score14 First: 01.06.2026 13:59 Last: 01.06.2026 13:59 Sources 1

About this happening: Microsoft's **Known Issue Rollback** guidance gives **Windows 11** users and admins a workaround for **KB5089549** installation failures caused by low **EFI System Partition (ESP)...

Microsoft Windows Server 2016 domain controller discovery failure after KB5087537

Service Disruption
H score0 First: 26.05.2026 10:41 Last: 26.05.2026 10:41 Sources 1

About this happening: Microsoft confirmed a **known issue** in **Windows Server 2016** after **KB5087537** that can prevent **domain controller discovery**, disrupting administrative operations and app...

Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)

Advisory/Mitigation
H score32 First: 20.05.2026 10:31 Last: 20.05.2026 10:31 Sources 1

About this happening: **Windows BitLocker** **YellowKey** (**CVE-2026-45585**) moved from interim mitigation to patch status after **Microsoft** fixed it in **June 2026 Patch Tuesday**. The **Windows R...

Latest development: 10.06.2026 12:57

On Tuesday, Microsoft fixed YellowKey (CVE-2026-45585) as part of its June 2026 Patch Tuesday updates and shared mitigation measures for the Windows Recovery Environment backdoor. The flaw affects unpatched Windows 11 and Windows Server 2022/2025 systems and can let attackers with physical access bypass BitLocker protection on targeted devices.

Timeline

  1. 14.03.2026 23:48 1 articles · 3mo ago

    March 2026 Patch Tuesday fixes RRAS flaws

    Mitigation Patch Update

    Microsoft ships the March 2026 Windows security update on March 10, fixing CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111 in the Windows Routing and Remote Access Service (RRAS) management tool, where an authenticated domain attacker could trick a domain-joined user into sending a request to a malicious server via the RRAS Snap-in.

    Show sources
  2. 14.03.2026 23:48 2 articles · 3mo ago

    Microsoft reissues KB5084597 hotpatch

    Initial Disclosure

    Microsoft releases KB5084597 as an out-of-band hotpatch for Windows 11 Enterprise hotpatch devices, covering Windows 11 25H2, 24H2, and Windows 11 Enterprise LTSC 2024 and automatically serving eligible devices enrolled in Windows Autopatch without requiring a restart.

    Show sources