On March 13, 2026, Microsoft quietly released a critical security update for its Windows 11 operating system, targeting a severe vulnerability in the Routing and Remote Access Service (RRAS) management tool. The update, known as KB5084597, has since rippled through the tech world, sparking conversation among IT administrators and security experts alike. But what exactly happened, and why does this patch matter so much?
According to Microsoft’s official documentation, KB5084597 is an out-of-band hotpatch—meaning it was released outside the regular Patch Tuesday schedule—to address three specific vulnerabilities: CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111. These flaws, if left unpatched, could allow an attacker to disrupt the RRAS management tool or even execute code on a targeted device. That’s a pretty big deal, especially for organizations relying on Windows 11 for mission-critical tasks.
The vulnerabilities themselves are particularly concerning because they could be exploited in a scenario where an authenticated domain user tricks a domain-joined user into sending a request to a malicious server through the RRAS snap-in. If successful, this attack vector opens the door for remote code execution on the affected device—a nightmare for any IT department. As reported by Neowin and corroborated by Microsoft’s advisory, the risk is real and immediate for enterprise environments where RRAS is used for remote server management.
What sets this hotpatch apart from standard Windows updates is its delivery mechanism. Traditional cumulative updates, like those released during the March 10, 2026 Patch Tuesday, require a system reboot to take effect. That’s not always practical for enterprise devices that need to remain online and operational around the clock. Enter the hotpatch: it applies fixes directly in memory, patching running processes without the need for a restart. The patched files are also written to disk, ensuring the fix persists after the next scheduled reboot. This approach is a boon for organizations that can’t afford downtime—even a few minutes of disruption can be costly in today’s always-on business landscape.
KB5084597 is specifically aimed at Windows 11 Enterprise devices enrolled in Microsoft’s hotpatch program and managed through Windows Autopatch. It covers versions 24H2 and 25H2, as well as Windows 11 Enterprise LTSC 2024. For those running eligible systems, the update installs automatically and seamlessly. As Microsoft puts it, “no action is required for PCs receiving standard Windows updates.” Devices not enrolled in the hotpatch program received the fix through the regular March 10, 2026 Patch Tuesday update, which also included a host of new features and security improvements for Windows 11 and 10 users.
For IT administrators managing large fleets of devices, especially in enterprise environments, the benefits are clear. Hotpatching allows for rapid deployment of critical fixes without the headaches of scheduling reboots or risking service interruptions. Microsoft’s documentation emphasizes that hotpatch updates are designed to improve compliance and reduce disruption—a message that’s likely music to the ears of anyone who’s ever had to coordinate a company-wide update after hours.
Interestingly, Microsoft also announced that hotpatch is now generally available for Windows 11 25H2 and 24H2 Arm64 devices. However, the requirements are fairly specific: the device must be running Windows 11 Enterprise, managed via Intune with a hotpatch-enabled policy, have an eligible license, virtualization-based security enabled, and compiled hybrid PE disabled. This makes the patch especially relevant for enterprise IT admins rather than everyday home users.
While the hotpatch addresses a critical security concern, Microsoft has stated that, as of publication, there are no known issues with KB5084597. That’s notable, given how emergency or out-of-band patches can sometimes introduce new problems—especially when they touch sensitive networking components. Still, Microsoft encourages users to report any issues via its Feedback Hub, underscoring its commitment to transparency and rapid response.
This update comes at a time when Windows 11 users—particularly those with Samsung laptops—are facing other challenges. As reported by Neowin, Microsoft acknowledged a serious issue affecting Samsung laptops running Windows 11 24H2 and 25H2 after the February 2026 Patch Tuesday updates. Users found themselves locked out of the system drive C, unable to open the drive, launch apps, execute common tasks, or elevate privileges. Microsoft is actively investigating the situation, but there are currently no workarounds. While unrelated to the RRAS vulnerability, this issue highlights the complex web of challenges that can emerge with large-scale operating system updates.
In the broader context of Microsoft’s ongoing efforts to secure its platforms, the release of KB5084597 is part of a larger strategy to make Windows updates more flexible, reliable, and less disruptive. The company has been steadily rolling out new features and improvements through its Insider programs and Patch Tuesday releases. For example, the March 2026 Patch Tuesday update, KB5079473, brought not only security fixes but also new features like Emoji 16.0, enhanced camera controls, File Explorer improvements, and RSAT support for Windows on ARM. Meanwhile, Microsoft’s Office apps for the web are receiving usability upgrades, and the company continues to push forward with its vision for a more integrated, secure, and user-friendly Windows ecosystem.
Hotpatching, in particular, represents a significant evolution in how software vendors can respond to threats in near real-time. By enabling security fixes to be deployed instantly and without downtime, Microsoft is addressing one of the perennial pain points in enterprise IT: balancing security with business continuity. As more organizations move to cloud-managed, always-on infrastructures, the ability to patch without rebooting will likely become an industry standard rather than a niche feature.
For now, Microsoft’s rapid response to the RRAS vulnerabilities—coupled with its transparent communication and the technical sophistication of the hotpatch approach—demonstrates a clear commitment to keeping Windows users safe. As cyber threats continue to evolve, so too must the tools and strategies used to combat them. It’s a game of cat and mouse, but for the moment, Microsoft seems to be staying one step ahead.
With KB5084597 now rolling out to eligible devices, enterprise users can breathe a little easier, knowing that a potentially devastating security hole has been swiftly closed—without the inconvenience of an unexpected reboot.