hotpatching

Winsage
November 21, 2024
Microsoft is rolling out hotpatching capabilities to Windows 11 Enterprise and Microsoft 365 users, allowing for rebootless updates. This feature enables users to download and install security updates without interrupting their work. Hotpatch updates activate immediately upon installation, reducing system downtime and improving efficiency by updating in-memory code without needing additional binaries. This process enhances security by allowing quicker installations and minimizing vulnerability time. Hotpatching has been available for Windows Server 2022 Datacenter: Azure Edition since February 2022, but there are no plans to extend this feature to Windows 11 Home and Pro editions at this time.
Winsage
November 20, 2024
Microsoft has begun rolling out a hotpatch update for security enhancements in Windows 11 Enterprise 24H2 and Microsoft 365 Preview Builds. This update allows users to download and install security patches via Windows Update without needing to reboot their devices. Hotpatch updates provide a complete set of OS security patches but do not include additional features. They enable immediate activation of patches upon installation, improving security protection speed. However, hotpatching is limited to security patches, and Cumulative Updates will still require a system restart. Hotpatching does not apply to non-security updates for Windows Server 2022 and 2025. Windows 11 Enterprise editions are part of the Windows Enterprise subscription, which requires a Windows 11 Pro license for full feature access. There is speculation about hotpatching for Windows Home and Pro editions, but it is particularly beneficial for complex deployments in business environments.
Winsage
November 20, 2024
Microsoft unveiled its first hotpatch update for Windows 11 24H2 LTSC Enterprise, designated as Build 26100.2240 under KB5046696, during Ignite 2024. This update is currently in preview and includes miscellaneous security improvements to internal OS functionality. Hotpatching allows updates to be applied without requiring a system reboot or user intervention, ensuring immediate implementation. This method maintains security levels, as updates are installed automatically through Windows Update. The update provides the same level of security patching as standard monthly updates, takes effect immediately, and allows users to maintain productivity without needing to restart their devices. Additionally, Microsoft introduced checkpoint cumulative updates earlier this year to minimize update sizes and reduce download bandwidth and storage requirements.
Winsage
November 20, 2024
Microsoft is introducing hotpatch updates to Windows 11 24H2, allowing security updates without requiring a system restart. This feature is currently in preview for Windows 11 Enterprise users. To use hotpatching, users must operate on Windows 11 Enterprise 24H2 and have a Microsoft subscription that includes Windows Enterprise E3 or E5, or a Windows 365 Enterprise subscription, along with Microsoft Intune for deployment. Hotpatch updates provide a complete set of OS security patches that take effect immediately upon installation. The update process involves installing a standard monthly security update with a restart in the first month of each quarter, followed by two months of hotpatch updates that do not require a restart. This approach reduces the number of required restarts from twelve to four each year.
Winsage
November 20, 2024
Microsoft has released update KB5046696, exclusive to the Enterprise edition of Windows 11 24H2, which introduces a new "hotpatch" approach that allows updates to be applied without requiring a system reboot. This feature, previously used in Windows Server, is currently limited to the Enterprise LTSC edition, with no plans to extend it to Pro or Home editions. The update enhances OS functionality through security improvements, though specific changes have not been disclosed. The hotpatching process modifies in-memory code of active processes, enabling updates to occur without disrupting running applications, but requires a baseline cumulative monthly update that still necessitates a reboot. Future minor updates will utilize hotpatching, while non-security updates will still require traditional updates and reboots. There is no timeline for when hotpatching will be available for consumer editions.
Winsage
November 20, 2024
Microsoft has introduced hotpatching in preview for Windows 365 and Windows 11 Enterprise 24H2 client devices, allowing security updates to be installed without rebooting. Hotpatching, which has been part of the Windows ecosystem since February 2022, enables background installation of security updates, patching in-memory code without disrupting user activities. These updates provide a complete set of OS security patches without additional features. The update cycle includes cumulative security updates in January, April, July, and October, with hotpatch updates in the intervening months, reducing required restarts from twelve to four annually. Organizations must have a Microsoft subscription that includes Windows Enterprise E3 or E5, devices running Windows 11 Enterprise version 24H2 or later, and Microsoft Intune for management to utilize hotpatching. Eligible organizations can enable hotpatch updates through a new Windows quality update policy in Intune. Devices not meeting the criteria will continue to receive standard monthly security updates.
Winsage
November 13, 2024
Numerous businesses experienced an unexpected upgrade to Windows Server 2025 from Windows Server 2019 and 2022, which occurred automatically overnight. Microsoft attributed the issue to third-party patch management tools that may not have been properly configured, urging users to verify their settings. However, some industry insiders, including Heimdal Security, claimed the problem originated from a bug on Microsoft's side, affecting about 7% of their clients due to a procedural error. The upgrade was linked to cumulative update KB5044284, which was meant to be optional. Windows Server 2025 introduces advanced features for security, performance, and hybrid cloud capabilities. The situation is complicated by the absence of clear rollback procedures for affected organizations.
Winsage
November 6, 2024
Microsoft has released Windows Server 2025, succeeding Windows Server 2022, along with System Center 2025. This version supports seamless application deployment across on-premises, hybrid, and cloud environments. Key security enhancements include improved Active Directory cryptographic support and defenses against various attacks on Server Message Block (SMB). New features for cloud services include hotpatching, which requires an additional subscription fee, and integration with Azure Arc for better onboarding and network management. Windows Server 2025 is optimized for AI and machine learning workloads, offering up to 60% more storage IOPS performance than its predecessor. Certain features, such as WordPad and the Windows PowerShell 2.0 engine, have been discontinued. Microsoft has acknowledged three bugs related to installation: English text display issues, problems with high-core-count devices, and a "boot device inaccessible" error in iSCSI environments. Windows Server 2025 is available now, with extended support until 2034 and mainstream support until 2029. Users can upgrade from Windows Server 2012 R2, and Windows Server 2022 will be supported until October 2026. The operating system is compatible with most 64-bit processors, and a list of certified processors is provided.
Winsage
November 5, 2024
Microsoft has acknowledged bugs in Windows Server 2025 affecting systems with more than 256 logical processors, leading to installation failures, prolonged restarts, and Blue Screen of Death (BSOD) errors. Symptoms include unresponsive installation processes, server restarts taking over three hours, and blue screens during application launches. Not all devices are affected, and users can check their system's logical processor count via the Windows Task Manager. Microsoft is working on a fix for these issues, expected in a future update, and recommends limiting logical processors to 256 or fewer as a temporary solution. Additional problems include language discrepancies during installation and boot issues in iSCSI environments. Windows Server 2025, introduced in January to the Windows Insider program, includes features like next-gen Active Directory and hotpatching capabilities, and is now generally available with a 180-day trial.