Windows 11 hotpatch live
Microsoft released an out-of-band hotpatch (KB5084597) for Windows 11 24H2/25H2 to fix a critical RRAS remote-code-execution flaw — it installs without a reboot. The patch targets managed endpoints and should be treated as an immediate apply for any Windows 11 devices that provide network services or remote access.
KB5084597 was published on March 13, 2026 support.microsoft.com and targets OS build jumps to 26200.7982 (25H2) and 26100.7982 (24H2). notebookcheck.net The hotpatch fixes three RRAS flaws tracked as CVE‑2026‑25172, CVE‑2026‑25173 and CVE‑2026‑26111 support.microsoft.com; public CVE records and vulnerability databases list those issues as high‑severity with CVSS scores reported at 8.8, 8.0 and 8.8 respectively. cvefind.com All three RRAS fixes were also included in Microsoft’s March 10, 2026 Patch Tuesday cumulative release for standard Windows 11 devices (KB5079473 and related KBs). support.microsoft.com Microsoft says the hotpatch package is offered only to hotpatch‑enabled devices and is delivered with the latest servicing stack update (SSU) — the SSU for this release is KB5083532 (version 26100.8035). support.microsoft.com Enrollment and prerequisites for hotpatching are explicit: administrators must disable Compiled Hybrid PE (CHPE) where applicable and enroll systems in a quality update policy with Hotpatch enabled before devices become eligible. support.microsoft.com Microsoft’s KB article states no known issues at publication time, and industry outlets recorded a brief re‑release/redo of the hotpatch rollout during the March mid‑month push. support.microsoft.com
