Microsoft Deploys Emergency Windows 11 Hotpatch for Critical RRAS Flaws

Microsoft has issued an urgent, out-of-band (OOB) security update to address critical vulnerabilities within the Windows Routing and Remote Access Service (RRAS). The hotpatch, designated KB5084597, targets a specific set of enterprise environments where Windows 11 devices are managed via hotpatch updates rather than standard monthly cumulative updates. This deployment underscores the severity of the flaws, which could enable remote code execution (RCE) if a user connects to a compromised server through the RRAS management tool.

The vulnerabilities, tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, were originally resolved in the broader March 2026 Patch Tuesday cycle. However, Microsoft identified that devices receiving hotpatch updates—a streamlined servicing model for enterprise clients—required a separate, immediate fix. The company's advisory warns that an authenticated attacker on the domain could exploit these flaws by deceiving a domain-joined user into initiating a connection to a malicious server via the RRAS Snap-in management console.

This security issue is confined to a narrow but high-risk scenario involving Enterprise client devices running specific Windows 11 versions: 25H2, 24H2, and Windows 11 Enterprise LTSC 2024. Only systems configured to receive hotpatch updates are in scope, and these are typically used for remote server management tasks. The release of an OOB hotpatch outside the regular update cadence highlights Microsoft's proactive response to threats that could bypass standard patch deployments in specialized enterprise configurations.

The deployment of KB5084597 serves as a critical reminder for enterprise IT administrators to verify their update channels and apply this patch immediately. Organizations relying on hotpatch servicing must ensure their Windows 11 Enterprise endpoints are updated to mitigate the RCE risk. This incident also illustrates the evolving complexity of enterprise security postures, where different update mechanisms require tailored responses to close security gaps promptly and effectively.
