Published on March 15, 2026
Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
Severity
High
Details
Microsoft has released an out-of-band (OOB) hotpatch for Windows 11 to address multiple Remote Code Execution (RCE) vulnerabilities in the Routing and Remote Access Service (RRAS) management component. The vulnerabilities could allow attackers to execute arbitrary code on affected systems by tricking users into connecting to malicious servers or processing specially crafted network interactions.
The emergency hotpatch update (KB5084597) targets Windows 11 Enterprise devices configured to receive hotpatch updates, a technology that allows security fixes to be applied in memory without requiring system reboots, helping organizations maintain uptime for critical workloads.
If successfully exploited, these flaws let an attacker run arbitrary code remotely and potentially gain elevated privileges on the affected host. Because RRAS provides VPN and remote networking functionality, a compromised RRAS host can give an attacker a foothold inside an enterprise environment and a path for lateral movement.
| CVE ID | Summary | Impact | CVSS Score |
|---|---|---|---|
| CVE-2026-25172 | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | Remote Code Execution, unauthorized system control. | 8.0 (High) |
| CVE-2026-25173 | A flaw in RRAS that could allow attackers to manipulate remote connections and execute malicious code on targeted systems. | Remote Code Execution, potential privilege escalation. | 8.0 (High) |
| CVE-2026-26111 | A security weakness affecting RRAS components that may enable attackers to exploit remote connectivity features and run arbitrary code. | Remote Code Execution, potential privilege escalation. | 8.0 (High) |
Microsoft noted that these vulnerabilities were already fixed in the March 2026 Patch Tuesday updates; the OOB hotpatch re-delivers those fixes so that enterprise devices using hotpatching can apply them without a restart.
Affected Products
The hotpatch itself targets Windows 11 Enterprise devices enrolled in the Windows Hotpatch / Autopatch update model. The underlying vulnerabilities are not limited to those devices; exposure depends on:
- Whether the Routing and Remote Access Service (RRAS) components are present on the system.
- Whether the March 2026 security updates (or the OOB hotpatch) have been applied. Devices that have not yet applied them remain vulnerable.
Recommendation
To mitigate these vulnerabilities, implement the following measures:
- Install the Windows 11 OOB hotpatch update (KB5084597) immediately.
- Apply the latest March 2026 cumulative security updates if hotpatching is not enabled.
- Restart systems that received the standard cumulative update so the fix is fully applied; devices that took the hotpatch do not need a restart.
- Restrict exposure of RRAS services to trusted networks only.
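The following PowerShell script is an added example, not code from Microsoft, BleepingComputer or the advisory. It audits one host against the recommendations above: whether KB5084597 is recorded as installed, whether a restart is still pending, and whether the RRAS service (RemoteAccess) is present and running, and it can optionally narrow the predefined "Routing and Remote Access" inbound firewall rules to trusted source ranges. The trusted range `10.0.0.0/8` and the firewall rule group name are assumptions to verify in your environment; no other KB identifiers are assumed.

```powershell
# Added example (not Microsoft's or the advisory's code): audit one Windows 11 host for the
# RRAS hotpatch state and optionally scope RRAS inbound rules. Run elevated.
param([switch]$ApplyFirewall)

$HotpatchKb        = 'KB5084597'       # OOB hotpatch named in the advisory
$TrustedVpnSources = @('10.0.0.0/8')   # ASSUMPTION: replace with your trusted ranges

function Get-SucceededUpdateTitles {
    # Windows Update Agent history; lists installed packages by title, which catches
    # packages that are not registered as QFE entries.
    $searcher = (New-Object -ComObject 'Microsoft.Update.Session').CreateUpdateSearcher()
    $total = $searcher.GetTotalHistoryCount()
    if ($total -eq 0) { return @() }
    $searcher.QueryHistory(0, $total) |
        Where-Object { $_.ResultCode -eq 2 } |   # 2 = orcSucceeded
        ForEach-Object { $_.Title }
}

function Test-KbInstalled {
    param([Parameter(Mandatory)][string]$Kb)
    # Get-HotFix reads the QFE store; fall back to WUA history for packages it omits.
    if (Get-HotFix -Id $Kb -ErrorAction SilentlyContinue) { return $true }
    $pattern = [regex]::Escape($Kb)
    return [bool](Get-SucceededUpdateTitles | Where-Object { $_ -match $pattern })
}

function Test-RebootPending {
    # Servicing markers written by CBS and the Windows Update client when a restart is owed.
    $markers = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    return [bool]($markers | Where-Object { Test-Path $_ })
}

function Get-RrasState {
    # RRAS runs as the RemoteAccess service; absent or Disabled means no VPN listener.
    $svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
    if (-not $svc) { return 'RemoteAccess service not installed' }
    return "RemoteAccess Status=$($svc.Status) StartType=$($svc.StartType)"
}

function Set-RrasInboundScope {
    param([Parameter(Mandatory)][string[]]$RemoteAddress)
    # Narrow the existing predefined inbound rules (PPTP 1723/TCP, L2TP 1701/UDP, GRE)
    # rather than adding a new Allow rule: an extra rule would not override the
    # any-source rules already present. ASSUMPTION: group name as shipped in
    # Windows Firewall; check Get-NetFirewallRule -DisplayGroup if nothing is returned.
    $rules = Get-NetFirewallRule -DisplayGroup 'Routing and Remote Access' `
                                 -Direction Inbound -ErrorAction SilentlyContinue
    if (-not $rules) { return @() }
    $rules | Set-NetFirewallRule -RemoteAddress $RemoteAddress
    return $rules.DisplayName
}

# Report the three facts an operator needs before deciding whether to act.
[pscustomobject]@{
    Host            = $env:COMPUTERNAME
    HotpatchApplied = Test-KbInstalled -Kb $HotpatchKb
    RebootPending   = Test-RebootPending
    Rras            = Get-RrasState
} | Format-List

# Only touch the firewall when asked and when RRAS is actually present.
if ($ApplyFirewall -and (Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue)) {
    Set-RrasInboundScope -RemoteAddress $TrustedVpnSources |
        ForEach-Object { "Scoped rule: $_" }
}
```

Run it without arguments first to read the report; add `-ApplyFirewall` only on hosts that really serve VPN clients. SSTP listens on 443/TCP and is not covered by the predefined rule group, so an SSTP deployment needs its own scoped rule. A device that reports `HotpatchApplied = False` and is not hotpatch-enrolled should receive the March 2026 cumulative update and then be restarted until `RebootPending` returns `False`.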
Source
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-11-oob-hotpatch-to-fix-rras-rce-flaw/
