Quick Read
- Microsoft released KB5084597 to fix three critical RRAS remote code execution vulnerabilities.
- The update employs in-memory hotpatching, allowing security fixes without system reboots.
- The patch is limited to managed enterprise devices enrolled in the Windows Autopatch program.
Microsoft has issued an out-of-band (OOB) hotpatch, identified as KB5084597, for Windows 11 versions 25H2, 24H2, and Enterprise LTSC 2024. This emergency release is designed to mitigate three critical vulnerabilities in the Windows Routing and Remote Access Service (RRAS) management tool: CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111. These flaws could allow an authenticated attacker on a domain to achieve remote code execution by tricking a user into sending a request to a malicious server via the RRAS Snap-in.
Strategic Importance of In-Memory Hotpatching
The primary significance of this release lies in its deployment method. Unlike standard cumulative updates that necessitate a system reboot—often a logistical hurdle for mission-critical enterprise infrastructure—KB5084597 utilizes hotpatching technology. This allows the security fixes to be applied via in-memory patching of running processes. While the update also modifies files on the disk to ensure persistence after a future reboot, the immediate remediation occurs without disrupting the uptime of managed devices.
Targeted Deployment for Managed Environments
Microsoft confirmed that this update is not a general consumer rollout. It is specifically intended for enterprise-managed devices enrolled in the hotpatch update program and controlled through Windows Autopatch. For these systems, the update installs automatically. This targeted approach reflects a shift toward prioritizing high-availability environments where constant uptime is required for critical server management tasks. The company has clarified that there are currently no known issues associated with this hotpatch, a notable stability benchmark for an out-of-band security release.
Addressing RRAS Management Risks
The vulnerabilities within the RRAS management tool highlight a specific attack vector involving network administration interfaces. By targeting the way the RRAS Snap-in handles requests, the identified CVEs represent a risk to domain-joined environments. The decision to re-release these fixes as an OOB hotpatch, following the initial Patch Tuesday cycle, underscores the urgency with which Microsoft is treating the potential for remote exploitation in managed server infrastructures. IT administrators are advised to verify that their devices are properly enrolled in the relevant quality update policies to receive the patch automatically.
The deployment of in-memory hotpatching for critical network vulnerabilities marks a pivotal shift in enterprise security, signaling that Microsoft is increasingly prioritizing the elimination of ‘reboot-or-vulnerable’ dilemmas for mission-critical infrastructure that cannot afford downtime.

