KB5084597: Microsoft Windows 11 Emergency Update Fixes RRAS RCE Flaw
Microsoft has released an out-of-band hotpatch, KB5084597, as an emergency update for Windows 11. It fixes security vulnerabilities in the Windows Routing and Remote Access Service (RRAS) management tool that could allow remote code execution when a device connects to a malicious server. The KB5084597 hotpatch update was released yesterday for affected Enterprise configurations.
Microsoft Windows 11 Emergency Update: What Was Released
The KB5084597 hotpatch is an out-of-band update intended for Windows 11 Enterprise devices that receive hotpatch updates instead of the regular Patch Tuesday cumulative updates. Microsoft identified the issue in the RRAS management tool and issued the hotpatch to address the risk of remote code execution tied to connections with a malicious server.
The update is targeted at Windows 11 versions 25H2 and 24H2, and Windows 11 Enterprise LTSC 2024 systems. Microsoft stated in an advisory: “Microsoft has identified a security issue in the Windows Routing and Remote Access Service (RRAS) management tool that could allow remote code execution when connecting to a malicious server.”
Who Is Affected and When This Applies
Microsoft says the vulnerability only applies in a limited set of scenarios. Specifically, it affects Enterprise client devices that are running hotpatch updates rather than the regular cumulative updates and that are being used for remote server management. Devices outside this configuration are not described as being impacted by this hotpatch in the advisory.
The company bundled the fixes in KB5084597 as a targeted response to those hotpatch-managed Enterprise environments. The advisory emphasizes the narrow scope of the risk while acknowledging the potential for remote code execution under the described conditions.
Vulnerabilities and Patch History
The flaws addressed by KB5084597 are tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111. Microsoft notes these vulnerabilities were fixed as part of the March 2026 Patch Tuesday updates, and the out-of-band KB5084597 hotpatch ensures that Enterprise devices on hotpatch update channels receive the same protections without waiting for the regular cumulative update cycle.
This release represents a targeted emergency response to make sure specific enterprise configurations receive critical fixes promptly. Organizations using hotpatch updates and employing Windows 11 devices for remote server management should apply KB5084597 to remediate the RRAS remote code execution risk in the affected versions of Windows 11.