On March 13, 2026, Microsoft released an urgent update addressing critical vulnerabilities in Windows 11, specifically targeting versions 24H2 and 25H2. This out-of-band hotpatch aims to fix serious issues in the Windows Routing and Remote Access Service (RRAS) management tool, providing a crucial layer of security without necessitating a device restart.
Addressing RRAS Security Flaws
The update, identified as KB5084597, focuses on remedying vulnerabilities found within the RRAS component of Windows 11. This service is essential for managing remote connections and VPN functionalities in both corporate and personal settings. The hotpatch covers three critical security vulnerabilities, which are tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111.
The primary risk involves an attacker establishing a rogue server to exploit these vulnerabilities. Once a connection is made to this server, the attacker can disrupt services or execute arbitrary code on the affected device, posing significant threats, especially in enterprise environments where such management tools are routinely used.
Benefits of Hotpatch Updates
Unlike traditional monthly updates, this hotpatch applies its fixes directly in the system's memory, minimizing workflow interruptions. Devices configured for hotpatching receive and apply the update without requiring a restart. This is particularly beneficial for enterprises managing extensive networks, as it reduces downtime considerably.
It's important to note that this patch is exclusive to hotpatch-enabled devices. Machines that only receive standard Windows updates will not receive this specific security fix. The update also includes the latest Servicing Stack Update (SSU), KB5083532, which keeps the update infrastructure robust and current.
Applicability and Recommendations
The security update is applicable to Windows 11, version 25H2 (OS Build 26200.7982) and version 24H2 (OS Build 26100.7982), covering both x64 and Arm64 architectures. For eligible devices, the update is deployed automatically via Windows Update, requiring no manual action from users or administrators.
Organizations that depend heavily on RRAS for remote management should prioritize verifying that this update is installed to mitigate potential exploitation risks. Because the fix is delivered only to hotpatch-enabled devices, confirming that hotpatching is active on all applicable endpoints is part of that verification. At the time of this release, Microsoft had not reported any known issues with the update, and devices with previous updates will only receive the new changes included in this package.
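One way to perform the verification recommended above on a single endpoint, as an added example that is not Microsoft's tooling or part of the original article. The KB number and build numbers are taken from the article; the function name `Test-RrasHotpatch` is hypothetical, and treating a registry build revision at or above 7982 as evidence of the fix is an assumption.

```powershell
# Added example: check the local machine for KB5084597 (values from the article).
function Test-RrasHotpatch {
    [CmdletBinding()]
    param(
        [string]   $KbId        = 'KB5084597',
        [string[]] $ScopeBuilds = @('26100', '26200'),  # 24H2 and 25H2
        [int]      $MinRevision = 7982                  # from 26100.7982 / 26200.7982
    )

    # CurrentBuild and UBR together form the "OS Build" string, e.g. 26100.7982.
    $cv       = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build    = [string]$cv.CurrentBuild
    $revision = [int]$cv.UBR
    $inScope  = $ScopeBuilds -contains $build

    # Get-HotFix reads Win32_QuickFixEngineering, which does not list every
    # update type, so a miss here is not proof that the fix is absent.
    $kbListed = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)

    # Assumption: a revision at or above the article's build contains the fix.
    $buildOk = $inScope -and ($revision -ge $MinRevision)

    $status = if (-not $inScope)              { 'NotApplicable' }
              elseif ($kbListed -or $buildOk) { 'FixPresent' }
              else                            { 'FixNotFound' }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OsBuild      = "$build.$revision"
        InScope      = $inScope
        KbListed     = $kbListed
        BuildAtOrUp  = $buildOk
        Status       = $status
    }
}

# Run locally; wrap in Invoke-Command to collect results from a fleet.
Test-RrasHotpatch | Format-List
```

A `FixNotFound` result on an in-scope build is expected on machines that are not enrolled in hotpatching, since the article states those devices do not receive this update.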
