Why Did Microsoft Release the Emergency Windows 11 KB5084597 Update?
Emergency Hotpatch Details
Microsoft released an unexpected emergency hotfix, KB5084597, for Windows 11 versions 24H2 and 25H2 on March 13, 2026. This security update targets critical flaws in the Windows Routing and Remote Access Service (RRAS) management tool. Microsoft distributed this fix exclusively through the hotpatch channel. This delivery method allows administrators to secure systems immediately without disrupting operations with a system reboot.
Understanding the Vulnerabilities
The update patches three specific integer overflow vulnerabilities: CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111. Each vulnerability carries a Common Vulnerability Scoring System (CVSS) severity score of 8.0. These vulnerabilities create a pathway for an attacker to execute arbitrary code across a corporate network. The core technical issue stems from how the RRAS tool handles data during remote server connections.
Risk Assessment and Mitigation
An attacker faces significant barriers to exploiting these flaws. The attacker must already possess domain authentication credentials. They must also successfully trick another domain-joined user into connecting to a malicious remote server via the RRAS snap-in. Once connected, the malicious server sends malicious data back to the user’s system to trigger the code execution. Because these strict prerequisites are difficult to meet, security experts consider active exploitation highly unlikely, though IT teams should still apply the patch promptly to maintain optimal network hygiene.