CP
cyberpings
VulnerabilitiesHIGH

Windows 11 Vulnerabilities - Microsoft Releases Critical Update

SCSC Media
CVE-2026-25172CVE-2026-25173CVE-2026-26111Windows 11RRAS
🎯

Basically, Microsoft fixed serious security holes in Windows 11 that could let hackers take control of your computer.

Quick Summary

Microsoft has issued a critical update for Windows 11 to fix serious RRAS vulnerabilities. These flaws could allow remote code execution. Users must apply the patch to safeguard their systems immediately.

The Flaw

Microsoft has recently identified critical vulnerabilities in the Windows Routing and Remote Access Service (RRAS) management tool. These vulnerabilities, tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, could allow malicious actors to execute remote code if a user connects to a compromised server. This risk is particularly concerning for enterprise environments where RRAS is commonly utilized.

The vulnerabilities were initially addressed during the March 2026 Patch Tuesday updates. However, the newly released out-of-band hotpatch update, identified as KB5084597, is specifically designed for Windows 11 versions 25H2, 24H2, and Enterprise LTSC 2024. This update allows for immediate fixes without the need for a system reboot, which is essential for maintaining uptime in mission-critical systems.

What's at Risk

The primary risk associated with these vulnerabilities is the potential for remote code execution. If exploited, attackers could gain unauthorized access and control over affected systems. This could lead to data breaches, system manipulation, or further exploitation of the network.

Enterprise clients using Windows Autopatch are particularly vulnerable, as the RRAS tool is integral to managing remote connections. Organizations relying on these services must prioritize applying the out-of-band update to mitigate the risks associated with these vulnerabilities.

Patch Status

The out-of-band update is now available for eligible Windows 11 devices. Organizations should ensure that their systems are updated promptly to protect against these vulnerabilities. The update can be applied in memory, which means it does not require a reboot, allowing for a seamless update process without disrupting business operations.

Microsoft has emphasized the importance of applying this update, especially for enterprises that cannot afford downtime. Users are encouraged to check their update settings and confirm that the latest patches are installed.

Immediate Actions

To protect your systems, follow these steps:

  • Check for Updates: Go to your Windows Update settings and ensure that the latest patches are installed.
  • Review Security Policies: Ensure that your organization’s security policies are updated to account for these vulnerabilities.
  • Educate Users: Inform users about the risks of connecting to unknown servers and the importance of security hygiene.

By taking these actions, organizations can significantly reduce their exposure to the threats posed by these vulnerabilities. Timely updates and user education are key components of a robust security strategy.

🔒 Pro insight: The rapid release of this out-of-band update indicates the potential for active exploitation; enterprises should prioritize deployment to mitigate risks.

Original article from

SC Media

Read Full Article

Share

Related Pings

MEDIUMVulnerabilities

Vulnerabilities - CISA Adds Wing FTP Server Flaw Alert

CISA has flagged a vulnerability in Wing FTP Server that could expose sensitive information. Organizations using older versions need to act quickly to protect their systems. This flaw could lead to further attacks if not addressed promptly.

Security Affairs·
HIGHVulnerabilities

HPE Vulnerability - Critical Update for Telco Service Orchestrator

HPE has issued a security advisory regarding a vulnerability in the Telco Service Orchestrator. Users of versions before v4.2.12 are at risk. Immediate updates are necessary to protect against potential exploits.

Canadian Cyber Centre Alerts·
CRITICALVulnerabilities

CVE-2025-47812 - Critical Wing FTP Server Vulnerability Alert

A critical vulnerability in Wing FTP Server has been discovered and actively exploited. Users of versions v7.4.3 and prior are at risk. Immediate updates to v7.4.4 are essential for protection.

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

Vulnerabilities - CISA Flags Wing FTP Server Flaw Exploited

CISA has issued a warning about a critical vulnerability in Wing FTP Server. This flaw affects numerous organizations, including federal agencies. Immediate patching is essential to prevent potential remote code execution attacks.

BleepingComputer·
HIGHVulnerabilities

UK's Companies House - Security Flaw Exposed Business Data

A serious security flaw at Companies House exposed sensitive data of five million companies for five months. This raises significant concerns about data protection and privacy. Companies House is investigating the incident and has reported it to the relevant authorities.

BleepingComputer·
HIGHVulnerabilities

Microsoft Edge Vulnerability - Critical Update Released

Microsoft has released a critical update for Edge to fix CVE-2026-3910. Users must update to version 146.0.3856.59. This vulnerability poses serious risks, so immediate action is essential.

Canadian Cyber Centre Alerts·