Microsoft Issues Urgent Hotpatch for Windows 11 RCE Vulnerability
Basically, Microsoft fixed a serious flaw in Windows 11 that could let hackers take control of devices remotely.
Microsoft has released a critical hotpatch for Windows 11 to fix serious vulnerabilities. Affected devices include Windows 11 Enterprise systems. This update is crucial to prevent remote code execution that could compromise sensitive data.
The Flaw
Microsoft has released an urgent out-of-band (OOB)? hotpatch to address critical vulnerabilities in the Windows Routing and Remote Access Service (RRAS). This service is essential for managing remote connections and server access. The vulnerabilities, tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, could allow an attacker to execute remote code on affected devices. This means that if a user connects to a malicious server while using RRAS, their device could be compromised.
The hotpatch update, identified as KB5084597, specifically targets Windows 11 versions 25H2 and 24H2, along with Windows 11 Enterprise LTSC 2024 systems. Microsoft indicated that this issue mainly affects Enterprise client devices that utilize hotpatch updates instead of the standard monthly cumulative updates. The vulnerabilities were already addressed in the March 2026 Patch Tuesday updates, but the hotpatch provides a more immediate solution without requiring a reboot.
What's at Risk
The vulnerabilities pose a significant risk, particularly for organizations that rely on Windows 11 Enterprise devices for remote server management. An attacker could exploit these flaws by tricking a domain-joined user into sending a request to a malicious server. This could lead to unauthorized access and control over the affected systems, potentially compromising sensitive data and critical infrastructure.
Microsoft has stated that while the vulnerabilities were already fixed in the regular updates, the hotpatch is crucial for devices that cannot afford downtime. The hotpatch allows for in-memory patching, which means the fixes can be applied without restarting the system immediately, ensuring that mission-critical applications remain operational.
Patch Status
The hotpatch is cumulative, meaning it includes all previous fixes from the March 2026 security updates. Microsoft has emphasized that this update will only be available for devices enrolled in the hotpatch update program and managed through Windows Autopatch. This automated process ensures that the hotpatch is installed without user intervention, minimizing the risk of exploitation.
It's worth noting that Microsoft had previously released hotfixes for these vulnerabilities but decided to re-release them to ensure comprehensive coverage across all affected scenarios. This proactive approach highlights the importance of maintaining updated security measures in an ever-evolving threat landscape.
Immediate Actions
For users and organizations running Windows 11 Enterprise devices, it is crucial to ensure that the hotpatch is applied as soon as possible. Here are some recommended actions:
- Check Enrollment: Verify if your devices are enrolled in the hotpatch update program.
- Monitor Updates: Regularly check for updates via Windows Autopatch? to ensure timely installation of the hotpatch.
- Educate Users: Inform users about the risks associated with connecting to unknown servers, especially when using RRAS.
By taking these steps, organizations can significantly reduce their exposure to potential attacks stemming from these vulnerabilities. Staying vigilant and applying updates promptly is key to maintaining a secure environment.
BleepingComputer