Microsoft ships emergency Windows 11 hotpatch for RRAS remote code execution flaws
Microsoft has released an out-of-band hotpatch for Windows 11 versions 24H2 and 25H2 to fix three security flaws in the Windows Routing and Remote Access Service, or RRAS, management tool. The update is KB5084597 and brings systems to OS Builds 26100.7982 and 26200.7982.

Microsoft says the update fixes CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111. In the official release notes, the company says that if a user connects to a malicious remote server through the RRAS management tool, an attacker could disrupt the tool or execute code on the device.

The main point of this release is speed and minimal disruption. Microsoft delivered it as a hotpatch, which means eligible systems can get the fix without a restart. That matters for organizations that use hotpatch-enabled Windows 11 fleets and want to close serious remote access risks quickly.

What the update fixes

Microsoft’s release notes group the three bugs under networking security fixes tied to RRAS. The company’s wording says the problem appears when someone connects to a malicious remote server, which then allows an attacker to interfere with the RRAS management tool or run code on the victim system.

Public vulnerability records describe CVE-2026-26111 as an integer overflow or wraparound issue in Windows RRAS that can lead to code execution over a network. NVD now lists the flaw as requiring an authorized attacker and user interaction.

Affected versions

Version         | Build after update | Update
----------------|--------------------|----------
Windows 11 24H2 | 26100.7982         | KB5084597
Windows 11 25H2 | 26200.7982         | KB5084597

Source: Microsoft support release notes.

What makes this release different

This is not a normal Patch Tuesday package. Microsoft labels KB5084597 as an out-of-band hotpatch, which means it targets hotpatch-enabled devices outside the usual monthly cycle. The company also says the latest servicing stack update is included with the release.

Microsoft’s support page says the update is available for Windows 11 on both x64 and Arm64 systems that are set up for hotpatching. Devices that do not use hotpatch are not offered this exact package.

What admins should do

  • Check whether eligible Windows 11 24H2 and 25H2 devices support hotpatch and received KB5084597.
  • Prioritize systems used for RRAS administration or remote connectivity management.
  • Review Microsoft’s CVE entries for CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111 for risk tracking and documentation.
  • Confirm that standard patch management workflows do not miss this release just because it arrived outside the regular monthly schedule.
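One way to carry out the first check above across a fleet, as an added example that is not from the article or from Microsoft: it compares each device's OS build with the post-update builds listed in the table (26100.7982 / 26200.7982) and also looks for KB5084597 in the installed-update list. It assumes that the CurrentBuild/UBR registry values reflect the hotpatch build the same way winver does, and that Get-HotFix lists a hotpatch KB on eligible devices; verify both against a known-patched machine before trusting the report.

```powershell
# Added example (not the article's or Microsoft's code): report KB5084597 status
# for Windows 11 24H2/25H2 devices using the build numbers from the release notes.

$ExpectedUbr   = 7982                                   # x.7982 per KB5084597 notes
$CoveredBuilds = @{ '26100' = '24H2'; '26200' = '25H2' }  # builds the hotpatch targets
$KbId          = 'KB5084597'

function Get-Kb5084597Status {
    # Runs on the local machine; called remotely below via Invoke-Command.
    $cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build   = [string]$cv.CurrentBuild
    $ubr     = [int]$cv.UBR
    $version = $CoveredBuilds[$build]          # $null when not 24H2/25H2

    # Assumption: hotpatch KBs appear in the installed-update list.
    $kbListed = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)

    $state = if (-not $version)              { 'NotCovered' }
             elseif ($ubr -ge $ExpectedUbr)  { 'AtOrAboveFixedBuild' }
             elseif ($kbListed)              { 'KbListedButBuildLower' }   # investigate
             else                            { 'Missing' }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Version  = $version
        OSBuild  = "$build.$ubr"
        KbListed = $kbListed
        Status   = $state
    }
}

# Fleet run: hypothetical computer list; replace with your own inventory source.
$targets = @('rras-admin-01', 'rras-admin-02')
Invoke-Command -ComputerName $targets -ScriptBlock ${function:Get-Kb5084597Status} |
    Sort-Object Status |
    Format-Table Computer, Version, OSBuild, KbListed, Status -AutoSize
```

Devices that report Missing or NotCovered (a version other than 24H2/25H2, or one not enrolled in hotpatching) will not receive this package and need the regular servicing path instead.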

FAQ

What does KB5084597 fix?

Microsoft says it fixes three RRAS management tool security issues: CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111.

Does the update require a restart?

Microsoft released it as a hotpatch, so eligible devices can receive it without a restart.

Which Windows versions are covered?

Windows 11 versions 24H2 and 25H2.

Are there known issues?

Microsoft’s support page says it is not currently aware of issues with this update.
