Microsoft Issues Emergency Patch for Critical Windows 11 RRAS Vulnerabilities

"If a user connects to a malicious remote server, an attacker could disrupt the tool or run code on your device. CVE-2026-25172 is a remote code execution vulnerability in the RRAS management tool that can be triggered when a user or administrator connects to a malicious server through the RRAS interface. A specially crafted response from the attacker-controlled server could allow the attacker to disrupt service operations or execute arbitrary code on the victim's system."
"RRAS plays a critical role in many enterprise networks by enabling administrators to manage remote access services, including VPN connectivity, routing functions, and remote administration. The flaws are tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, each of which could allow an attacker to execute arbitrary code or disrupt system operations under certain conditions."
"CVE-2026-25173 is a related vulnerability affecting the same RRAS management component. Similar to CVE-2026-25172, exploitation occurs when a user or administrator connects to an attacker-controlled server. Once the connection is established, the attacker may be able to execute code on the victim system or trigger a denial-of-service condition that disrupts RRAS functionality."
Microsoft issued an emergency security patch for Windows 11 targeting critical vulnerabilities in the Windows Routing and Remote Access Service (RRAS). The update addresses three flaws tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, each allowing attackers to execute arbitrary code or disrupt system operations. RRAS is essential for enterprise networks, managing remote access services including VPN connectivity and remote administration. The vulnerabilities can be exploited when users connect to malicious servers, potentially giving attackers control over affected devices. The patch is delivered as a hotpatch, eliminating the need for system restarts.
Read at TechRepublic