Bleeping Computer

Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw


Microsoft has released an out-of-band (OOB) update to fix security vulnerabilities affecting Windows 11 Enterprise devices that receive hotpatch updates instead of the regular Patch Tuesday cumulative updates.

The KB5084597 hotpatch update was released yesterday to fix vulnerabilities in the Windows Routing and Remote Access Service (RRAS) management tool that could allow remote code execution when connecting to a malicious server.

“Microsoft has identified a security issue in the Windows Routing and Remote Access Service (RRAS) management tool that could allow remote code execution when connecting to a malicious server,” reads an advisory from Microsoft.

“This issue only applies to a limited set of scenarios involving Enterprise client devices running hotpatch updates and being used for remote server management.”

The KB5084597 update is for Windows 11 versions 25H2 and 24H2, as well as Windows 11 Enterprise LTSC 2024 systems.

Microsoft says the vulnerabilities fixed by this hotpatch are tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, which were fixed as part of the March 2026 Patch Tuesday updates.

“An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in,” reads the description for all three flaws.

The company says the hotpatch update is cumulative and includes all fixes and improvements from the March 2026 Windows security update released on March 10.

While the vulnerabilities were already fixed on Patch Tuesday, installing cumulative updates requires devices to be rebooted. However, some devices are used for mission-critical applications and services that cannot be easily rebooted.

To protect these types of devices, hotpatch updates apply new vulnerability fixes by performing in-memory patching of running processes to deliver fixes. At the same time, they update the files on disk so that the next time the device reboots, the fixes are still present.

Microsoft says it previously released hotfixes for these flaws, but re-released them yesterday to “ensure comprehensive coverage across all affected scenarios.”

However, Microsoft says the hotpatch will only be offered to devices enrolled in the hotpatch update program and managed through Windows Autopatch, where it will be installed automatically without requiring a restart.
