A new Windows 11 hotpatch is automatically delivered to enterprise devices enrolled in the hotpatch program.
Microsoft has released an emergency Windows 11 update to fix remote code execution vulnerabilities affecting the Windows Routing and Remote Access Service (RRAS) management tool. The patch specifically targets certain Windows 11 Enterprise devices enrolled in Microsoft’s hotpatch program.
The Windows Routing and Remote Access Service (RRAS) management tool is a built‑in Windows administrative component that lets IT administrators configure and control a system’s network routing and remote connectivity features. Administrators can use RRAS to set up services such as VPN access, remote user connections, network address translation (NAT), and traffic routing between different networks.
In enterprise environments, RRAS is commonly used to manage secure remote access for employees and to connect branch offices or networks. It allows a Windows system to function as a software‑based router and remote access server rather than just a standard client machine.
Microsoft addressed the three vulnerabilities (tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111) with the March 2026 Patch Tuesday release for Windows 11 devices. This hotpatch update targets Windows 11 Enterprise devices running versions 24H2, 25H2, and Enterprise LTSC 2024.
“An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in,” Microsoft explained.
This out-of-band update (KB5084597), released by Microsoft yesterday, is cumulative, meaning it includes all changes from the March 2026 Windows security update released last week.
This hotpatch is provided exclusively to Windows 11 devices that are enrolled in the hotpatch program and are managed by Windows Autopatch. For those enrolled devices, the update installs automatically and takes effect without requiring a reboot. Windows 11 PCs that are not part of this program received the security fix as part of the regular Patch Tuesday update released on March 10.