Microsoft has released an emergency out-of-band update to fix security flaws affecting some Windows 11 Enterprise devices that use hotpatch updates instead of the usual Patch Tuesday cumulative updates.

The update, called KB5084597, was released yesterday and addresses vulnerabilities in the Windows Routing and Remote Access Service (RRAS) management tool. These flaws could let an attacker execute code remotely if a user connects to a malicious server.

Microsoft said it found a security issue in the RRAS management tool that could lead to remote code execution when connecting to a harmful server. The company added that the issue only affects a limited number of cases involving Enterprise client devices running hotpatch updates and being used for remote server management.

The KB5084597 update applies to Windows 11 versions 25H2 and 24H2, along with Windows 11 Enterprise LTSC 2024 systems.

According to Microsoft, the vulnerabilities are tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111. These flaws were already fixed as part of the March 2026 Patch Tuesday updates.

Microsoft explained that an attacker who is authenticated on the domain could exploit the issue by tricking a domain-joined user into sending a request to a malicious server through the RRAS snap-in.

The company also said the hotpatch update is cumulative, meaning it includes all fixes and improvements from the March 10, 2026, Windows security update.

Although the vulnerabilities were already addressed on Patch Tuesday, regular cumulative updates require a system restart. That can be a problem for devices running critical applications and services where rebooting is difficult or disruptive.


Hotpatch updates are designed for those situations. They apply security fixes directly to running processes in memory, allowing systems to stay online while also updating files on disk so the fixes remain in place after the next reboot.

Microsoft said it had released fixes for these flaws before, but issued the update again yesterday to make sure all affected scenarios are fully covered.



The company added that the hotpatch will only be available to devices enrolled in the hotpatch update program and managed through Windows Autopatch. For those systems, the update will be installed automatically without requiring a restart.
