Windows 11 KB5084597: Out-of-Band Security Fix for Managed Devices

Key Takeaways

1. Microsoft launched KB5084597, a hotpatch for Windows 11 25H2 and 24H2, addressing a security flaw in the Routing and Remote Access Service (RRAS) tool.

2. The update resolves vulnerabilities CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, which could allow attackers to disrupt functions or execute code on devices.

3. KB5084597 is a specialized security fix, not a typical cumulative update, and only addresses RRAS-related issues.

4. The hotpatch is available for devices that support hotpatching, automatically downloading and applying without requiring a restart, aiming to minimize disruption.

5. It is primarily relevant to enterprise IT administrators; Arm64 devices must meet specific prerequisites, and no known issues have been reported at this time.


Microsoft has launched KB5084597, a hotpatch outside the usual update cycle for Windows 11 25H2 and 24H2, addressing a security flaw in the Windows Routing and Remote Access Service (RRAS) management tool. This update upgrades qualifying systems to OS Builds 26200.7982 and 26100.7982, and it was made available on March 13, 2026.

Security Focus

As noted on Microsoft’s support page, KB5084597 resolves a vulnerability tied to the RRAS management tool. Microsoft warns that if a user connects to a malicious remote server, an attacker could exploit this tool to disrupt its functions or execute code on the device. The hotpatch is connected to the vulnerabilities designated CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111.

Targeted Release

This update is more specialized compared to a typical Patch Tuesday cumulative update. The changelog provided by Microsoft indicates that only a networking security fix is included, implying the patch was specifically released to address the RRAS security issue rather than to include a broader range of updates that are not security-related.

Limited Rollout

It’s important to note that KB5084597 isn’t a wide consumer rollout in the traditional sense. Microsoft clarifies that the update is only available for devices that support hotpatching, and it specifies that no action is needed for PCs receiving standard Windows updates. The patch will automatically download through Windows Update on eligible devices and will be applied without requiring a restart.

According to Microsoft’s documentation on hotpatches, these updates are designed to be installed without needing a reboot, aiming to enhance compliance and minimize disruption. This documentation mentions that hotpatch requires Windows Autopatch and is meant for devices that are managed under a suitable quality update policy.

Requirements for Arm64 Devices

Microsoft has also announced that hotpatch is now generally available for Windows 11 25H2 and 24H2 Arm64 devices, provided they meet certain criteria. On the KB5084597 webpage, Microsoft lists prerequisites for Arm64 devices, which include Windows 11 Enterprise, Intune with a hotpatch-enabled policy, an eligible license, virtualization-based security enabled, and hybrid PE compilation disabled.

This means that KB5084597 is primarily relevant to enterprise IT administrators rather than regular home users. However, for managed fleets that meet the requirements, this update illustrates why Microsoft continues to promote hotpatching: it allows for immediate security fixes to be deployed, applied automatically, and avoids the disruption of a reboot that typically interrupts work.
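For administrators who want to confirm where a device stands, the following PowerShell check is an added example, not code from the article or from Microsoft. It compares the installed build against the post-hotpatch builds named above (26100.7982 and 26200.7982) and reports the virtualization-based security state that the Arm64 prerequisites call for; the assumption that Get-HotFix lists the hotpatch under its KB name is noted in the comments.

```powershell
# Added example (not from the article or Microsoft). Run in an elevated PowerShell session
# on a Windows 11 24H2/25H2 device to check the KB5084597 build and the VBS prerequisite.

# Post-hotpatch builds taken from the article: 26100.7982 (24H2) and 26200.7982 (25H2).
$ExpectedUbr = @{ '26100' = 7982; '26200' = 7982 }

function Get-OsBuildInfo {
    # CurrentBuild and UBR together form the "26200.7982" style build number.
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        Build = [string]$cv.CurrentBuild
        Ubr   = [int]$cv.UBR
        Arch  = $env:PROCESSOR_ARCHITECTURE
    }
}

function Test-Kb5084597Build {
    param([string]$Build, [int]$Ubr)
    # Only 24H2 (26100) and 25H2 (26200) receive this hotpatch.
    if (-not $ExpectedUbr.ContainsKey($Build)) { return $false }
    # A higher UBR on the same baseline means a later, superseding update is installed.
    return $Ubr -ge $ExpectedUbr[$Build]
}

function Get-VbsState {
    # Win32_DeviceGuard.VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    switch ([int]$dg.VirtualizationBasedSecurityStatus) {
        2       { 'Running' }
        1       { 'EnabledNotRunning' }
        default { 'Off' }
    }
}

$os = Get-OsBuildInfo
# Assumption: an installed hotpatch is listed by Get-HotFix under its KB identifier.
$kbListed = [bool](Get-HotFix -Id 'KB5084597' -ErrorAction SilentlyContinue)

[pscustomobject]@{
    Build           = "$($os.Build).$($os.Ubr)"
    Architecture    = $os.Arch
    AtOrAboveFixUbr = Test-Kb5084597Build -Build $os.Build -Ubr $os.Ubr
    KbListedByHotFix = $kbListed
    VbsState        = Get-VbsState   # listed as an Arm64 prerequisite on the KB page
} | Format-List
```

The build comparison is the authoritative signal here; treat the Get-HotFix result as supporting evidence only, since hotpatch entries may be reported differently from cumulative updates.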

No Known Issues

As of now, Microsoft has stated that it is not aware of any known issues with KB5084597. This is noteworthy, especially considering how frequently emergency or out-of-band Windows patches can lead to deployment challenges, particularly when they involve security-sensitive networking elements.

Users can report any issues through Microsoft’s Feedback Hub.
