Microsoft Windows 11 Emergency Update: KB5084597 Hotpatch Fixes RRAS RCE in 25H2 and 24H2

A Microsoft Windows 11 emergency update was issued yesterday to patch a critical remote code execution flaw in the Windows Routing and Remote Access Service (RRAS) management tool. Microsoft released the KB5084597 hotpatch for Enterprise clients that receive hotpatch updates instead of the regular cumulative updates. The change affects Windows 11 25H2, 24H2 and Windows 11 Enterprise LTSC 2024 devices used for remote server management.

Details of the out-of-band hotpatch

The emergency update, rolled out as KB5084597, corrects vulnerabilities in the RRAS management tool that could allow remote code execution when a device connects to a malicious server. “Microsoft has identified a security issue in the Windows Routing and Remote Access Service (RRAS) management tool that could allow remote code execution when connecting to a malicious server,” reads an advisory from Microsoft. “This issue only applies to a limited set of scenarios involving Enterprise client devices running hotpatch updates and being used for remote server management.”

The KB5084597 hotpatch was released yesterday specifically for Enterprise client devices that use hotpatching rather than the regular Patch Tuesday cumulative update cycle. The emergency update addresses the risk by updating the RRAS management tool code paths involved in remote server connections. The advisory makes clear that the exposure is limited to the described scenario, which focuses the fix on enterprise remote-management workflows.

Microsoft Windows 11 Emergency Update

Microsoft says the vulnerabilities fixed by this hotpatch are tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, which were fixed as part of the March 2026 Patch Tuesday updates. The emergency update therefore backports those fixes into an out-of-band hotpatch package for clients that skipped the full monthly cumulative update and instead receive hotpatches.

KB5084597 covers Windows 11 versions 25H2 and 24H2 as well as Windows 11 Enterprise LTSC 2024 systems. The emergency update is targeted at environments where administrators use RRAS to manage remote servers, and where the device management channel relies on hotpatch delivery rather than standard cumulative updates.

What’s next

Organizations running Enterprise client devices with hotpatching enabled should confirm the presence of KB5084597 where RRAS is used for remote server management; the emergency update was published to close the gap that the March 2026 Patch Tuesday fixes addressed. Microsoft’s advisory frames the impact as limited to a narrow set of enterprise scenarios, so next steps will center on verification and deployment across affected endpoints.

Expect IT teams to track installations of KB5084597 and to reconcile those hotpatch installations with their March 2026 Patch Tuesday baselines to ensure the CVE-2026-25172, CVE-2026-25173 and CVE-2026-26111 fixes are present in managed fleets.
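
One way to run that verification across a list of admin workstations, as an added example that is not from Microsoft's advisory or the original article. It assumes the hotpatch is reported through Get-HotFix like other servicing updates; the function name, the host names and the baseline KB value are placeholders, because the article does not give the March 2026 cumulative update's KB number.

```powershell
# Added example. KB5084597 comes from the article; $BaselineKb is a placeholder
# for your March 2026 cumulative update KB, which the article does not name.
function Get-RrasFixStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string]$HotpatchKb = 'KB5084597',
        [string]$BaselineKb = 'KB0000000'   # placeholder, replace with your baseline KB
    )
    foreach ($computer in $ComputerName) {
        $status = 'Missing'
        $found  = @()
        try {
            # List all installed updates once and filter locally, so that an
            # absent KB is not confused with a failed remote query.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
            $found = @($installed | Where-Object { $_.HotFixID -in $HotpatchKb, $BaselineKb })
            # Either the hotpatch or the cumulative baseline carries the fixes.
            if ($found.Count -gt 0) { $status = 'Covered' }
        }
        catch {
            # Unreachable host, access denied, WMI blocked: report it, do not guess.
            $status = 'QueryFailed'
        }
        [pscustomobject]@{
            ComputerName = $computer
            Status       = $status
            MatchedKb    = ($found.HotFixID -join ',')
            InstalledOn  = ($found | Sort-Object InstalledOn | Select-Object -Last 1).InstalledOn
        }
    }
}

# Constructed host names; replace with your hotpatch-enrolled admin workstations.
Get-RrasFixStatus -ComputerName 'ADMIN-WS01', 'ADMIN-WS02' |
    Sort-Object Status |
    Format-Table -AutoSize
```

Hosts reported as QueryFailed need a second look through another inventory source before they are counted as patched or unpatched.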
