Microsoft has rolled out an urgent out‑of‑band (OOB) update to patch a critical vulnerability that could allow remote code execution on Windows 11 Enterprise devices. The fix, identified as KB5084597, was released yesterday and specifically targets the Windows Routing and Remote Access Service (RRAS) management tool.
The issue arises when an authenticated domain user is tricked into making a request to a malicious server through the RRAS Snap‑in. In that scenario, the attacker controlling the server can execute arbitrary code on the user's machine. The vulnerability is limited to Enterprise client devices that receive hotpatch updates rather than the regular cumulative Patch Tuesday releases.
Microsoft’s advisory notes that the affected systems include Windows 11 versions 25H2 and 24H2, as well as the Windows 11 Enterprise LTSC 2024 build. Three CVEs—CVE‑2026‑25172, CVE‑2026‑25173, and CVE‑2026‑26111—were already addressed in the March 2026 Patch Tuesday update on March 10. However, installing cumulative updates requires a reboot, which is impractical for mission‑critical workloads.
To mitigate this, hotpatch updates perform in‑memory patching of running processes, delivering fixes without downtime while also updating disk files so that subsequent reboots retain the security patches. The KB5084597 update incorporates all the March 2026 Windows security fixes and adds new protections for RRAS.
Only devices enrolled in the hotpatch program and managed through Windows Autopatch will receive this update automatically, eliminating the need for manual intervention or restarts. This approach ensures that high‑availability environments remain secure without compromising operational continuity.
Users should verify whether their systems are part of the hotpatch rollout and monitor for any pending updates. Microsoft’s documentation on hotpatch deployment provides detailed guidance on how to enable and manage these updates across an enterprise environment.
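As an added example, not part of Microsoft's advisory or this article, the following PowerShell script performs the local check the paragraph above recommends: it reads the edition, feature version and build of the machine, decides whether the device falls into the advisory's affected set (Windows 11 Enterprise on 24H2, 25H2 or LTSC 2024), and then looks for KB5084597 both in the installed-hotfix list and in the Windows Update history. The edition and version strings come from the standard `CurrentVersion` registry values; the interpretation of `EnterpriseS` as the LTSC edition and the use of `Get-HotFix` plus the `Microsoft.Update.Session` COM searcher are assumptions about how the hotpatch will be recorded locally, so treat a "not found" result as a prompt to confirm in Update history or your Autopatch console rather than as proof the device is unpatched.

```powershell
# Added example: local check for the KB5084597 hotpatch on Windows 11 Enterprise.
# Not Microsoft's code; run in an elevated PowerShell session on the device.

$Kb = 'KB5084597'
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$os = Get-CimInstance -ClassName Win32_OperatingSystem

$edition        = $cv.EditionID          # e.g. Enterprise, EnterpriseS (LTSC, assumption), EnterpriseN
$displayVersion = $cv.DisplayVersion     # e.g. 24H2, 25H2
$build          = [int]$os.BuildNumber
$ubr            = $cv.UBR                # update build revision

Write-Host ("Edition: {0}  Version: {1}  Build: {2}.{3}" -f $edition, $displayVersion, $build, $ubr)

# Windows 11 builds start at 22000; the advisory covers Enterprise editions on 24H2/25H2
# (LTSC 2024 also reports 24H2). Anything else is out of scope for this KB.
$isWin11      = $build -ge 22000
$isEnterprise = $edition -like 'Enterprise*'
$isAffectedVer = $displayVersion -in @('24H2', '25H2')

if (-not ($isWin11 -and $isEnterprise -and $isAffectedVer)) {
    Write-Host "Device is not in the affected set for $Kb (see Microsoft's advisory for scope)."
    return
}

# Source 1: Win32_QuickFixEngineering via Get-HotFix (assumption: hotpatches are listed here).
$hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
if ($hotfix) {
    Write-Host "$Kb found in installed hotfixes (InstalledOn: $($hotfix.InstalledOn))."
}

# Source 2: Windows Update history through the Windows Update Agent COM API.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$count    = $searcher.GetTotalHistoryCount()
$history  = if ($count -gt 0) { $searcher.QueryHistory(0, $count) } else { @() }

# ResultCode 2 = Succeeded in the WUA API; filter by KB number in the title.
$entry = $history |
    Where-Object { $_.Title -like "*$Kb*" -and $_.ResultCode -eq 2 } |
    Sort-Object Date -Descending |
    Select-Object -First 1

if ($entry) {
    Write-Host "$Kb found in Windows Update history: '$($entry.Title)' on $($entry.Date)."
}

if (-not $hotfix -and -not $entry) {
    Write-Host "$Kb not found locally. Confirm hotpatch/Autopatch enrollment and check for pending updates."
    # Enrollment itself is managed in Windows Autopatch; it is not something this script can read.
}
```

The two lookups deliberately overlap: `Get-HotFix` is quick but only reflects what the QuickFixEngineering provider records, while the Update history reflects what the Windows Update Agent actually installed, which is the more reliable signal for an update that arrives through Autopatch rather than the cumulative channel. Devices that are not enrolled in hotpatch will never see KB5084597 and instead rely on the March 10 cumulative update for the same three CVEs.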