hotpatch

Winsage
December 11, 2025
A vulnerability in the Windows Defender Firewall Service, designated as CVE-2025-62468, was disclosed on December 9, 2025, and has an Important severity rating. It results from an out-of-bounds read condition, allowing an authorized attacker with elevated privileges to access sensitive heap memory without user interaction. The vulnerability has a CVSS v3.1 base score of 4.4, indicating moderate severity, and is characterized by a local attack vector, low attack complexity, high privileges required, and no user interaction needed. Microsoft assessed the likelihood of exploitation as unlikely and has released security updates for affected products, including Windows Server 2025 and various versions of Windows 11. The vulnerability primarily affects organizations with strict access controls and monitoring protocols. Security researchers from Kunlun Lab are credited with responsibly disclosing this vulnerability.
Winsage
November 22, 2025
Microsoft has released the KB5072753 out-of-band cumulative update to fix a recurring issue with the November 2025 KB5068966 hotpatch update on Windows 11 systems, where the hotpatch was being reinstalled repeatedly. The update is being distributed to all Windows 11 25H2 devices and resolves the bug while also including improvements and security fixes from the earlier KB5068966 update. Users do not need to install prior updates before applying KB5072753, as it supersedes all previous updates. Additionally, Microsoft issued an emergency update for Windows 10 to address installation issues related to the November 2025 extended security updates, and resolved incorrect end-of-support warnings for Windows 10 users after the October 2025 updates.
Winsage
November 4, 2025
A recent Microsoft security update (KB5070881) aimed at fixing a critical vulnerability in Windows Server Update Services (WSUS) inadvertently disrupted hotpatching for some Windows Server 2025 systems enrolled in the Hotpatch program. This disruption prevents affected servers from applying updates without requiring a restart, forcing administrators to revert to traditional cumulative updates until January 2026. The vulnerability, CVE-2025-59287, allowed potential remote code execution by exploiting weaknesses in WSUS. Microsoft has since released a new update (KB5070893) that addresses the vulnerability while restoring hotpatching capabilities for those who have not yet installed the problematic update.
Winsage
November 3, 2025
An out-of-band security update, KB5070881, has disrupted the hotpatching feature for some Windows Server 2025 devices. This update was released alongside reports of the CVE-2025-59287 remote code execution vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has instructed U.S. government agencies to strengthen their systems against this vulnerability. Microsoft has acknowledged that the OOB update caused some Hotpatch-enrolled Windows Server 2025 systems to lose their enrollment status and has ceased distributing the update to these devices. Those who installed the update will not receive Hotpatch updates in November and December but will get standard monthly security updates. Administrators can install the KB5070893 security update to address the CVE-2025-59287 flaw without disrupting hotpatching. Microsoft has also disabled the display of synchronization error details in its WSUS error reporting system and resolved various issues affecting Windows 11.
Winsage
October 3, 2025
Security updates are crucial for system integrity, but traditionally require a reboot, causing productivity interruptions. Microsoft has introduced Windows Hotpatch, which allows critical updates to be applied without rebooting, enhancing compliance and user satisfaction. Hotpatch modifies in-memory code while the system is operational, leading to immediate updates without downtime. It is designed for efficiency with small payloads that minimize performance impact. Hotpatch updates undergo the same validation as standard updates and can address zero-day vulnerabilities without requiring a reboot. This technology is available for Windows 11 version 24H2 or later, Windows 365, Azure Virtual Desktop, and Windows Server 2022/2025 Azure Edition, with appropriate licensing. Hotpatch has evolved from internal server capabilities to support client machines and integrates with Autopatch, automating the update process for enterprise environments. Microsoft Digital plans to scale Hotpatch to 450,000 devices within four months, achieving high compliance rates quickly—81% within 24 hours and 90% within five days, compared to previous timelines of up to nine months. Since its general availability in April, Hotpatch has been deployed to over 4 million devices globally, enhancing user experience by making updates seamless and unobtrusive. Plans for further expansion and improvements in compliance visibility and reporting are underway.
Winsage
August 12, 2025
Microsoft has released two cumulative updates for Windows 11: KB5063878 for version 24H2 and KB5063875 for version 23H2, addressing security vulnerabilities and various issues. Users can install the updates via Start > Settings > Windows Update or download them from the Microsoft Update Catalog. For Windows 11 Enterprise or Windows Server with Hotpatch, update KB5064010 is available, sharing the same fixes with a build number of 26100.4851. After installation, the build number for Windows 11 24H2 will be 26100.4946, and for 23H2, it will be 226x1.5768. Support for Windows 11 23H2 will end on November 11, 2025. The updates include new features and fixes in the Settings app, Windows Resiliency Initiative, Start menu, Snap functionality, Windows Search, input enhancements, File Explorer, desktop icons, and notifications. Microsoft has reported no known issues with this update.
Winsage
June 27, 2025
Microsoft has introduced a new black variant of the "blue screen of death" (BSOD) for Windows, which will provide essential information like stop codes and faulty system drivers. This update is part of the "Windows Resiliency Initiative" aimed at improving product robustness. The sad emoticon face will be retired, and the new BSOD is scheduled for release in Windows 11 later this summer, featuring a user interface update and a Quick Machine Recovery (QMR) feature. Other upcoming features include Connected Cache, Universal Print, Hotpatch Update, and Windows 365 Reserve. Users on older Windows 10 systems will still see the traditional BSOD with the frowning face emoji.
Winsage
June 26, 2025
Resilience is now a strategic necessity for organizations, prompting Microsoft to launch the Windows Resiliency Initiative (WRI) to integrate resilience and security into the Windows platform. In September 2024, Microsoft held the Windows Endpoint Security Ecosystem Summit (WESES) with endpoint security vendors and government representatives to discuss enhancing resilience. Following the summit, collaboration with Microsoft Virus Initiative (MVI) partners has increased, focusing on improving Windows security and reliability through rigorous testing and safe deployment practices. Next month, Microsoft will begin a private preview of a new Windows endpoint security platform for select MVI partners, allowing security solutions to operate outside the Windows kernel for better reliability. Microsoft has released the Windows Resiliency Initiative e-book to guide organizations in building resilience. Innovative products introduced under the WRI include:
- Quick machine recovery (QMR) for faster recovery from unexpected restarts, reducing downtime to approximately two seconds.
- Microsoft Connected Cache to enhance bandwidth efficiency during updates by caching content locally.
- Universal Print anywhere for secure printing from any location.
- Hotpatch updates for critical security updates without requiring a restart.
- Windows 365 Reserve for secure access to a temporary Cloud PC during device disruptions.