Microsoft Releases Out-of-Band Patch For Critical RRAS RCE Flaw in Windows 11
March 16, 2026 – Microsoft has rolled out a crucial security hotpatch for Windows 11, targeting versions 25H2 (OS Build 26200.7982) and 24H2 (OS Build 26100.7982) via KB5084597. Released on March 13, 2026, this update silently fortifies systems against remote code execution threats in the Windows Routing and Remote Access Service (RRAS) management tool without requiring reboots on hotpatch-enabled devices.
Imagine connecting your enterprise VPN to what seems like a trusted server, only for an attacker to hijack the session, crash your tools, or worse, execute malicious code directly on your machine. That’s the nightmare KB5084597 prevents. The patch addresses three zero-day vulnerabilities disclosed by Microsoft Security Response Center (MSRC):
- CVE-2026-25172: A high-severity flaw allowing remote disruption or code execution when linking to a rogue RRAS server.
- CVE-2026-25173: Similar remote attack vector exploiting RRAS management weaknesses.
- CVE-2026-26111: Another RRAS-related issue enabling attackers to destabilize or compromise connected devices.
All carry CVSS scores in the critical range (pending full disclosure), making them prime targets for threat actors in ransomware campaigns or lateral movement within networks.
This hotpatch is exclusive to Windows Autopatch-enabled environments and integrates seamlessly with the latest Servicing Stack Update (SSU KB5083532, version 26100.8035). No restart is needed: updates apply in the background, minimizing downtime for servers and endpoints. For standard setups, it pairs with Windows Update’s automatic delivery. Check the Windows release health dashboard or update history for 25H2 and 24H2.
Key Impacts and Recommendations
- Enterprise Angle: RRAS is a cornerstone for VPNs and remote access; unpatched systems risk supply-chain style attacks.
- Home Users: If you’re on managed Windows 11, enable hotpatching as described in the Windows Autopatch docs.
- Deployment Options: Grab it via Windows Update, Catalog, or WSUS. File lists are available for the Cumulative Update and the SSU.
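To confirm the update landed, the following added example (not Microsoft's code and not from the original article) compares a host's OS build against the two builds the article lists for KB5084597, then does the same for an inventory export. The function name, host names and inventory rows are hypothetical, and it assumes the revision a host reports reflects the installed hotpatch; update history remains the authoritative record.

```powershell
# Added example. Patched OS builds are the ones the article gives for KB5084597.
$PatchedRevision = @{
    26100 = 7982   # Windows 11 24H2 (OS Build 26100.7982)
    26200 = 7982   # Windows 11 25H2 (OS Build 26200.7982)
}

function Get-Kb5084597Status {
    # Hypothetical helper: classifies one OS version such as 10.0.26100.7982.
    param([Parameter(Mandatory)][version]$OsVersion)

    if (-not $PatchedRevision.ContainsKey($OsVersion.Build)) {
        return 'OutOfScope'              # build line not covered by this article
    }
    if ($OsVersion.Revision -ge $PatchedRevision[$OsVersion.Build]) {
        return 'AtOrAbovePatchedBuild'
    }
    return 'BelowPatchedBuild'
}

$rows = @()

# Local host: build number and update revision (UBR) are stored under CurrentVersion.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$local = [version]('10.0.{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR)
$rows += [pscustomobject]@{
    Computer  = $env:COMPUTERNAME
    OsVersion = $local.ToString()
    Status    = Get-Kb5084597Status $local
}

# Constructed inventory rows (hypothetical hosts and versions), e.g. from an asset tool export.
$inventory = @'
Computer,OsVersion
vpn-admin-01,10.0.26100.7840
vpn-admin-02,10.0.26100.7982
jump-03,10.0.26200.8001
legacy-04,10.0.22631.5000
'@ | ConvertFrom-Csv

foreach ($item in $inventory) {
    $rows += [pscustomobject]@{
        Computer  = $item.Computer
        OsVersion = $item.OsVersion
        Status    = Get-Kb5084597Status ([version]$item.OsVersion)
    }
}

# Hosts still below the patched build sort to the bottom of the list.
$rows | Sort-Object Status, Computer
```

With the constructed rows, `vpn-admin-01` is reported as `BelowPatchedBuild` and `legacy-04` as `OutOfScope`, since its build line is not one the article covers.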
No known issues have been reported yet; Microsoft’s tracking remains clean. This release underscores the shift to continuous innovation, blending security with non-disruptive fixes.
Site: cybersecuritypath.com