Microsoft: Microsoft Releases Emergency Patch for Critical RRAS RCE Flaw in Windows 11

Microsoft Releases Emergency Patch for Critical RRAS Vulnerabilities in Windows 11

On March 13, 2026, Microsoft issued an out-of-band security update to address three critical remote code execution (RCE) vulnerabilities in the Windows Routing and Remote Access Service (RRAS) management tool. The flaws, tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, affect enterprise networks relying on RRAS for routing, VPN services, and secure remote connectivity.

The vulnerabilities could be exploited if a user connects to a malicious remote server, allowing attackers to execute arbitrary code, install malware, or gain unauthorized access to sensitive data. Successful exploitation may also enable deeper network intrusion, posing significant risks to organizations handling confidential traffic.

To mitigate the threat, Microsoft released hotpatch KB5084597, which applies fixes without requiring a system reboot, minimizing disruption for enterprise environments. The update is available for Windows 11 versions 25H2 (OS Build 26200.7982) and 24H2 (OS Build 26100.7982) and is automatically deployed to systems configured for hotpatch-enabled updates. Standard Windows Update users will receive the fix through the regular update pipeline.

Microsoft confirmed no known issues with the patch at release and included the latest Servicing Stack Update (SSU) to ensure update reliability. The rapid deployment underscores the urgency of addressing RRAS vulnerabilities, particularly in high-risk enterprise environments.

Source: https://cyberpress.org/rras-rce-flaw-in-windows-11/

Microsoft Security Response Center cybersecurity rating report: https://www.rankiteo.com/company/microsoft-security-response-center

"id": "MIC1773657358",
"linkid": "microsoft-security-response-center",
"type": "Vulnerability",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Organizations using Windows 11 '
                                              'with RRAS for routing, VPN '
                                              'services, and secure remote '
                                              'connectivity',
                        'industry': 'Software & IT Services',
                        'location': 'Global',
                        'name': 'Microsoft',
                        'size': 'Enterprise',
                        'type': 'Technology Company'}],
 'attack_vector': 'Malicious remote server connection',
 'customer_advisories': 'Organizations using Windows 11 with RRAS should apply '
                        'the patch immediately.',
 'data_breach': {'sensitivity_of_data': 'Confidential traffic and sensitive '
                                        'data'},
 'date_publicly_disclosed': '2026-03-13',
 'date_resolved': '2026-03-13',
 'description': 'On March 13, 2026, Microsoft issued an out-of-band security '
                'update to address three critical remote code execution (RCE) '
                'vulnerabilities in the Windows Routing and Remote Access '
                'Service (RRAS) management tool. The flaws, tracked as '
                'CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, affect '
                'enterprise networks relying on RRAS for routing, VPN '
                'services, and secure remote connectivity. The vulnerabilities '
                'could be exploited if a user connects to a malicious remote '
                'server, allowing attackers to execute arbitrary code, install '
                'malware, or gain unauthorized access to sensitive data. '
                'Successful exploitation may also enable deeper network '
                'intrusion, posing significant risks to organizations handling '
                'confidential traffic.',
 'impact': {'data_compromised': 'Sensitive data',
            'operational_impact': 'Potential unauthorized access, malware '
                                  'installation, and deeper network intrusion',
            'systems_affected': 'Windows 11 versions 25H2 (OS Build '
                                '26200.7982) and 24H2 (OS Build 26100.7982) '
                                'with RRAS enabled'},
 'investigation_status': 'Resolved',
 'post_incident_analysis': {'corrective_actions': 'Emergency patch deployment '
                                                  'and inclusion of Servicing '
                                                  'Stack Update (SSU) for '
                                                  'update reliability',
                            'root_causes': 'Critical vulnerabilities in '
                                           'Windows RRAS management tool'},
 'recommendations': 'Apply the emergency patch (hotpatch KB5084597) '
                    'immediately to mitigate risks. Ensure systems are '
                    'configured for automatic updates.',
 'references': [{'source': 'Microsoft Security Update'}],
 'response': {'communication_strategy': 'Public disclosure and patch release',
              'containment_measures': 'Emergency patch (hotpatch KB5084597) '
                                      'released without requiring system '
                                      'reboot',
              'remediation_measures': 'Hotpatch KB5084597 and standard Windows '
                                      'Update deployment'},
 'title': 'Microsoft Releases Emergency Patch for Critical RRAS '
          'Vulnerabilities in Windows 11',
 'type': 'Remote Code Execution (RCE)',
 'vulnerability_exploited': ['CVE-2026-25172',
                             'CVE-2026-25173',
                             'CVE-2026-26111']}