hotpatch updates Archives

Winsage

March 15, 2026

Microsoft Releases Emergency Windows 11 Hotpatch to Fix Remote Code Execution Flaw

Microsoft has released an out-of-band hotpatch update, KB5084597, to address three critical remote code execution vulnerabilities (CVE-2026-25172, CVE-2026-25173, CVE-2026-26111) in the Windows Routing and Remote Access Service (RRAS) management tool. This update is specifically for Windows 11 Enterprise devices in the hotpatch program that did not receive fixes during the March 2026 Patch Tuesday. The vulnerabilities can be exploited by an authenticated attacker within the domain, potentially leading to remote code execution. Hotpatch updates apply fixes through in-memory patching without requiring a device reboot, making them suitable for mission-critical devices. The update is applicable to Windows 11 versions 24H2, 25H2, and Windows 11 Enterprise LTSC 2024, and will be automatically installed on enrolled devices without a restart. Non-enrolled devices received the fix via the standard March 10 Patch Tuesday update.

Winsage

March 11, 2026

Hotpatching goes default in Windows Autopatch whether you like it or not

Microsoft will enable hotpatch security updates by default starting with the May 2026 Windows security update. Hotpatch updates allow security enhancements to be applied without system restarts, while quarterly baseline updates will still require a restart. Windows Autopatch will manage updates using "testing rings" to progressively roll out updates and address any issues. Devices must run Windows 11 24H2 or later and have the April 2026 security update installed to receive hotpatch updates automatically. Existing update policies will remain intact, and administrators can opt out of hotpatch updates at the tenant or group policy level.

Winsage

March 11, 2026

Microsoft to enable Windows hotpatch security updates by default

Microsoft will enable hotpatch security updates by default for eligible Windows devices managed through Microsoft Intune and the Microsoft Graph API starting with the May 2026 Windows security update. This change aims to enhance security and reduce the time to achieve 90% patch compliance by half. The updates will be managed through Windows Autopatch, which allows organizations to apply updates without manual intervention. Administrators can manage hotpatch updates at the tenant level and can opt-out starting April 1, 2026. A Hotpatch quality updates report will be available in Intune to ensure devices are ready for the updates. Windows Autopatch became generally available in July 2022 and is currently operational on over 10 million production devices.

Winsage

March 11, 2026

Microsoft flips Windows Autopatch to default hotpatch security updates

Microsoft will automatically enable hotpatch security updates for Windows devices managed through Microsoft Intune or the Microsoft Graph API starting with the May 2026 Windows security update. This feature allows security fixes to be applied without requiring a device restart, improving compliance efficiency. Devices that install the April 2026 baseline security update will begin receiving hotpatch updates in May 2026, but this will only apply to devices not already assigned to a quality update policy. Organizations can opt out of hotpatch updates for specific device groups or their entire tenant starting April 1, 2026.

Winsage

February 11, 2026

Microsoft rolls out Windows 11 26H1, but you can’t have it

Microsoft has released Windows 11 26H1, which is specifically designed for devices with Qualcomm Snapdragon X2 hardware and is not intended for most users. This version will not be available as an in-place update, will not have a successor (26H2), and will not support hotpatch updates. IT administrators are advised to use Windows 11 versions 24H2 and 25H2 for enterprise deployment. The release marks the retirement of the .NET Framework 3.5 as a Windows Feature on Demand optional component, effective with Windows 11 version 26H1. Support for .NET Framework 3.5 will end on January 9, 2029, prompting developers to prioritize migration efforts. Only devices with Snapdragon X2 hardware running Windows 11 26H1 will be affected by this change.

Winsage

December 11, 2025

Windows Defender Firewall Service Vulnerability Let Attackers Disclose Sensitive Data

A vulnerability in the Windows Defender Firewall Service, designated as CVE-2025-62468, was disclosed on December 9, 2025, and has an Important severity rating. It results from an out-of-bounds read condition, allowing an authorized attacker with elevated privileges to access sensitive heap memory without user interaction. The vulnerability has a CVSS v3.1 base score of 4.4, indicating moderate severity, and is characterized by a local attack vector, low attack complexity, high privileges required, and no user interaction needed. Microsoft assessed the likelihood of exploitation as unlikely and has released security updates for affected products, including Windows Server 2025 and various versions of Windows 11. The vulnerability primarily affects organizations with strict access controls and monitoring protocols. Security researchers from Kunlun Lab are credited with responsibly disclosing this vulnerability.

Winsage

November 10, 2025

Advancing security with Windows and Surface | Microsoft SFI Report Nov 2025

Microsoft is committed to security through its Secure Future Initiative (SFI), which employs 34,000 engineers to enhance cybersecurity. The November 2025 SFI Progress Report outlines advancements in security, including principles of Secure by Design, Secure by Default, and Secure Operations integrated into Windows and Surface products. Key updates include: - Windows 11 introduces passwordless sign-in with Passkeys and FIDO2 credentials to reduce phishing risks. - Phishing-resistant multi-factor authentication (MFA) is now widely used, lowering account compromise risks. - Windows Hotpatch allows security updates without device restarts, achieving 81% compliance within 24 hours of Patch Tuesday. - Windows 11 features quick machine recovery for automatic, cloud-connected recovery from boot failures. Surface devices lead in security by enabling all recommended features by default and developing memory-safe firmware to address vulnerabilities. Notably, 70% of security vulnerabilities are linked to memory safety issues, and Surface uses Rust-based UEFI firmware to enhance defenses. Surface also develops Windows drivers in Rust to eliminate memory safety bugs and shares innovations through the Open Device Partnership to improve security across the ecosystem.

Winsage

November 4, 2025

Microsoft WSUS Patch Breaks Hotpatching on Windows Server 2025

A recent Microsoft security update (KB5070881) aimed at fixing a critical vulnerability in the Windows Server Update Service (WSUS) inadvertently disrupted hotpatching for some Windows Server 2025 systems enrolled in the Hotpatch program. This disruption prevents affected servers from applying updates without requiring a restart, forcing administrators to revert to traditional cumulative updates until January 2026. The vulnerability, CVE-2025-59287, allowed potential remote code execution by exploiting weaknesses in WSUS. Microsoft has since released a new update (KB5070893) that addresses the vulnerability while restoring hotpatching capabilities for those who have not yet installed the problematic update.

Winsage

November 3, 2025

Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching

An out-of-band security update, KB5070881, has disrupted the hotpatching feature for some Windows Server 2025 devices. This update was released alongside reports of the CVE-2025-59287 remote code execution vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has instructed U.S. government agencies to strengthen their systems against this vulnerability. Microsoft has acknowledged that the OOB update caused some Hotpatch-enrolled Windows Server 2025 systems to lose their enrollment status and has ceased distributing the update to these devices. Those who installed the update will not receive Hotpatch updates in November and December but will get standard monthly security updates. Administrators can install the KB5070893 security update to address the CVE-2025-59287 flaw without disrupting hotpatching. Microsoft has also disabled the display of synchronization error details in its WSUS error reporting system and resolved various issues affecting Windows 11.

Winsage

October 3, 2025

Transforming security and compliance at Microsoft with Windows Hotpatch

Security updates are crucial for system integrity, but traditionally require a reboot, causing productivity interruptions. Microsoft has introduced Windows Hotpatch, which allows critical updates to be applied without rebooting, enhancing compliance and user satisfaction. Hotpatch modifies in-memory code while the system is operational, leading to immediate updates without downtime. It is designed for efficiency with small payloads that minimize performance impact. Hotpatch updates undergo the same validation as standard updates and can address zero-day vulnerabilities without requiring a reboot. This technology is available for Windows 11 version 24H2 or later, Windows 365, Azure Virtual Desktop, and Windows Server 2022/2025 Azure Edition, with appropriate licensing. Hotpatch has evolved from internal server capabilities to support client machines and integrates with Autopatch, automating the update process for enterprise environments. Microsoft Digital plans to scale Hotpatch to 450,000 devices within four months, achieving high compliance rates quickly—81% within 24 hours and 90% within five days, compared to previous timelines of up to nine months. Since its general availability in April, Hotpatch has been deployed to over 4 million devices globally, enhancing user experience by making updates seamless and unobtrusive. Plans for further expansion and improvements in compliance visibility and reporting are underway.