Microsoft Issues Emergency Hotpatch for Windows 11 RRAS Vulnerabilities
Microsoft has released an out-of-band (OOB) hotpatch to address critical security vulnerabilities within the Windows Routing and Remote Access Service (RRAS) management tool in Windows 11. The update is specifically targeted at Windows 11 Enterprise devices enrolled in the hotpatch program, offering a seamless security enhancement without requiring a system reboot.
Understanding the Windows Routing and Remote Access Service (RRAS)
The Windows Routing and Remote Access Service (RRAS) is a built-in Windows administrative component that allows IT administrators to configure and manage a system’s network routing and remote connectivity features. Administrators utilize RRAS to establish services like VPN access, remote user connections, network address translation (NAT), and routing of traffic between different networks.
In enterprise environments, RRAS is frequently used to manage secure remote access for employees and to connect branch offices or networks, enabling a Windows system to function as a software-based router and remote access server.
The Three RRAS Vulnerabilities Addressed
Microsoft addressed three security flaws – CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111 – with the March 2026 Patch Tuesday release for Windows 11. The hotpatch, designated KB5084597, specifically targets Windows 11 Enterprise devices running versions 24H2, 25H2, and Enterprise LTSC 2024.
According to Microsoft, “An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in.” [BleepingComputer]
Hotpatch Deployment and Benefits
This out-of-band update (KB5084597) is cumulative, incorporating all changes from the March 2026 Windows security update released on March 10, 2026. A key benefit of this hotpatch is its delivery mechanism. Designed exclusively for Windows 11 devices participating in the update program and managed by Windows Autopatch, the update installs automatically and takes effect without requiring a system reboot. [Guru3D] Windows 11 PCs not enrolled in this program received the security fix as part of the regular Patch Tuesday update.
Key Takeaways
- Microsoft released an out-of-band hotpatch to address three RRAS-related remote code execution vulnerabilities.
- The update targets Windows 11 Enterprise devices enrolled in the hotpatch program.
- Enrolled Windows 11 systems receive the fix automatically without requiring a system reboot.
This proactive approach to security patching demonstrates Microsoft’s commitment to protecting enterprise environments from emerging threats, particularly those leveraging the RRAS infrastructure for remote access and network management.
Keep reading