Microsoft Releases Emergency Patch for Critical RRAS RCE Flaw in Windows 11

Microsoft has released an urgent out‑of‑band security update to address several critical vulnerabilities in the Windows Routing and Remote Access Service (RRAS) management tool that could allow attackers to execute arbitrary code on affected systems.

The patch, released on March 13, 2026, comes outside Microsoft’s regular Patch Tuesday cycle due to the severity and potential exploitation risk associated with the flaws.

Critical RRAS RCE Vulnerabilities

The security update, identified as hotpatch KB5084597, fixes three vulnerabilities tracked as CVE‑2026‑25172, CVE‑2026‑25173, and CVE‑2026‑26111.

All three flaws affect the Windows Routing and Remote Access Service (RRAS) management tool, a component widely used by administrators to configure routing capabilities and Virtual Private Network (VPN) services within enterprise networks.

RRAS plays a key role in network infrastructure by enabling remote connectivity, routing policies, and secure VPN tunneling between networks.

Because the service often operates in environments that handle sensitive network traffic, vulnerabilities in its management components can present significant security risks.

According to Microsoft, the vulnerabilities can be triggered when a user connects to a maliciously crafted remote server.

If a threat actor successfully persuades a target to initiate such a connection, the attacker can exploit the flaws to disrupt the RRAS management tool and potentially execute arbitrary code on the affected system.

Successful exploitation could allow attackers to:

• Execute unauthorized malicious code on the targeted device.
• Install malware or backdoors.
• Access sensitive data stored on the system.
• Use the compromised system as a foothold for deeper network intrusion.

Remote Code Execution vulnerabilities are considered particularly dangerous because they allow attackers to run code without needing prior authentication or extensive privileges, depending on the attack scenario.

Out‑of‑Band Hotpatch Deployment

Due to the immediate risk associated with the RRAS flaws, Microsoft issued the fix as an out‑of‑band hotpatch rather than waiting for the next scheduled Patch Tuesday release.

Out‑of‑band updates are typically reserved for critical vulnerabilities that require immediate remediation.

The update uses Microsoft’s hotpatch technology, which allows security fixes to be applied directly to running processes without requiring a system reboot.

This approach minimizes disruption for enterprise environments that depend on continuous system availability.

With hotpatching, the update installs silently in the background and takes effect immediately, allowing organizations to secure vulnerable systems while maintaining active workloads and network connections.

The KB5084597 update applies specifically to:

• Windows 11 Version 25H2 (OS Build 26200.7982)
• Windows 11 Version 24H2 (OS Build 26100.7982)

Microsoft notes that the hotpatch is available only for devices that are explicitly configured for hotpatch-enabled updates.

Systems that rely on the standard Windows update delivery model will receive the necessary security protections through the regular update pipeline and do not require manual installation of this specific hotpatch.

Microsoft reported no known issues associated with the update at the time of release. The company also bundled the latest Servicing Stack Update (SSU) with KB5084597 to ensure the reliability and stability of the Windows update infrastructure.

Administrators and security teams should take several steps to ensure their environments remain protected:

• Ensure Windows Update is enabled so the hotpatch installs automatically on supported devices.
• Verify systems are running Windows 11 versions 25H2 or 24H2 with the appropriate OS builds.
• Monitor network security logs for suspicious outbound connections to unknown remote servers.
• Review the Windows Release Health Dashboard for any future updates or advisories related to these vulnerabilities.

The rapid deployment of this hotpatch highlights the critical role of timely patch management in enterprise security.

Organizations running Windows 11 environments should prioritize verification of update status to reduce exposure to potential exploitation attempts targeting the RRAS component.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.

The post Microsoft Releases Emergency Patch for Critical RRAS RCE Flaw in Windows 11 appeared first on Cyber Security News.