Microsoft hotpatches critical RRAS flaw

Microsoft has issued an out of band hotpatch, KB5084597. The update addresses three remote code execution vulnerabilities in the Windows Routing and Remote Access Service. The vulnerabilities are identified as CVE 2026 25172, CVE 2026 25173, and CVE 2026 26111. The hotpatch applies to Windows 11 Enterprise devices enrolled in the hotpatch program. It covers Windows 11 versions 24H2, 25H2, and Enterprise LTSC 2024 for those enrolled devices. No evidence of active exploitation has been reported. An authenticated attacker on the domain could trick a user into sending a request to a malicious server via the RRAS Snap in. This could lead to an integer overflow and allow remote code execution. The attack requires user interaction. Immediate patching is recommended for affected enterprise devices. Apply the out of band hotpatch KB5084597 to affected systems. Devices not in the hotpatch program were protected Disabling the Routing and Remote Access Service can serve as a temporary mitigation if immediate patching is not possible.