Microsoft has launched an emergency hotpatch to address critical security flaws in Windows 11 Enterprise systems that use the hotpatch update path. This update, KB5084597, eliminates remote code execution risks in the Routing and Remote Access Service (RRAS) management tool on devices that cannot easily undergo a standard reboot.
Microsoft recently issued an out-of-band security update to resolve several vulnerabilities affecting Windows 11 Enterprise devices configured for hotpatching. The update specifically targets a weakness in the RRAS management tool that could be exploited by an attacker: if a domain-authenticated user is tricked into connecting to a malicious server through this tool, the attacker could potentially execute code remotely on the client machine.
The released patch is categorized as a hotpatch, which is a specialized delivery method designed for mission-critical environments. Unlike standard cumulative updates that require a system restart to take effect, hotpatches apply fixes directly to the memory of running processes. This allows organizations to maintain continuous uptime for essential services while still ensuring the underlying files on the disk are updated for future reboots.
This security release covers Windows 11 versions 25H2 and 24H2, along with Enterprise LTSC 2024 editions. The specific vulnerabilities addressed are tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111. While these flaws were technically addressed during the regular March 2026 Patch Tuesday cycle, this new delivery ensures that systems relying on the hotpatching infrastructure receive the same level of protection without the need for immediate downtime.
Microsoft noted that while it had previously issued fixes for these specific flaws, this latest version was re-released to ensure comprehensive coverage across all possible exploitation scenarios. The update is cumulative, meaning it includes all security improvements and fixes provided in the standard March 10 security update. It serves as a bridge for enterprise users who need the latest security definitions but operate under strict no-reboot policies.
Distribution of this hotpatch is limited to a specific subset of professional users. It will only be offered to Enterprise devices that are officially enrolled in the hotpatch update program and managed through the Windows Autopatch service. For these eligible systems, the fix will be applied automatically in the background, maintaining system security without interrupting active workflows or requiring administrative intervention for a manual restart.
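As an added check that is not part of the article, the following PowerShell snippet reports whether a Windows 11 device falls within the versions named above and whether KB5084597 appears in its update history. It assumes the DisplayVersion and EditionID registry values and the Windows Update Agent COM history API; it does not detect hotpatch or Windows Autopatch enrollment, which must be confirmed separately.

```powershell
# Added example (not from the article or Microsoft): check scope and patch state for KB5084597.
# Assumptions: Enterprise LTSC 2024 reports DisplayVersion "24H2"; update history titles contain the KB id.
$KB = 'KB5084597'
$InScopeVersions = @('24H2', '25H2')

$cv             = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$edition        = $cv.EditionID           # "Enterprise" or "EnterpriseS" (LTSC)
$displayVersion = $cv.DisplayVersion      # e.g. "24H2"
$build          = "$($cv.CurrentBuildNumber).$($cv.UBR)"

$inScope = ($InScopeVersions -contains $displayVersion) -and ($edition -like 'Enterprise*')

# Search Windows Update history for the KB (hotpatch installs may not show in Get-HotFix).
$session   = New-Object -ComObject Microsoft.Update.Session
$searcher  = $session.CreateUpdateSearcher()
$count     = $searcher.GetTotalHistoryCount()
$history   = if ($count -gt 0) { $searcher.QueryHistory(0, $count) } else { @() }
$inHistory = $history | Where-Object { $_.Title -match $KB -and $_.ResultCode -eq 2 }  # 2 = succeeded

# Secondary check: Win32_QuickFixEngineering via Get-HotFix.
$qfe = Get-HotFix -Id $KB -ErrorAction SilentlyContinue

$action = if ($inScope -and -not ($inHistory -or $qfe)) {
    "Install $KB, or confirm hotpatch/Autopatch enrollment so it is delivered automatically"
} else { 'None' }

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    Edition        = $edition
    DisplayVersion = $displayVersion
    Build          = $build
    InScope        = $inScope
    KBInHistory    = [bool]$inHistory
    KBInQFE        = [bool]$qfe
    Action         = $action
}
```

Run it as an administrator on each device in scope, or wrap it in Invoke-Command to collect the objects from a fleet and filter on InScope and Action.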
Source: Microsoft Releases Windows 11 Hotpatch for RRAS RCE Vulnerability