Windows Autopatch Archives

Winsage

May 1, 2025

Windows 11 April security patch quietly blocks 24H2 update, but are you impacted?

Microsoft is preparing to release the Windows 11 25H2 update in October, aimed at facilitating the transition to Windows 11 24H2. However, the rollout of Windows 24H2 has faced issues, with many PCs experiencing blocks due to third-party applications and technical problems. The April security patch, released on April 8, has complicated the upgrade process for some users, particularly those with the patch KB5055528 installed, leading to error code 0x80240069. This issue mainly affects IT administrators using Windows Server Update Services (WSUS), while individual users on Windows 11 Home are largely unaffected. Microsoft is investigating the problem and plans to release a fix by the next Patch Tuesday on May 13. Additionally, organizations are advised to explore alternative update management solutions, as WSUS is no longer under active development.

Winsage

April 8, 2025

Windows Server Update Services live to patch another day

Microsoft has announced an extension of support for Windows Server Update Services (WSUS), postponing the planned end of support originally set for April 2025, in response to user feedback. The decision comes shortly before the scheduled cutoff and addresses challenges associated with disconnected device scenarios. Initially, Microsoft planned to make drivers available only through the Microsoft Update Catalog, but user feedback prompted a change. While some IT administrators may welcome the decision, others argue that WSUS is outdated and lacks essential capabilities for modern security. Gene Moody, field CTO at Action1, noted that WSUS is ill-equipped to meet contemporary demands and highlighted its limitations in enforcing updates and providing real-time visibility. Moody suggested that the extension of support is influenced by specific scenarios where WSUS remains necessary, such as environments with legal obligations or air-gapped networks. He cautioned that this decision should not be seen as a shift away from Microsoft's goal of phasing out WSUS in favor of cloud-based solutions.

Winsage

April 8, 2025

Microsoft listens to users and revises its WSUS driver synchronization deprecation plans

Microsoft has decided to postpone the removal of Windows Server Update Services (WSUS) driver synchronization, which was initially scheduled for April 18, 2025, due to user feedback. WSUS will continue to synchronize driver updates from the Windows Update service and import them from the Microsoft Update Catalog. Microsoft is encouraging administrators to consider alternative technologies such as Windows Autopatch, Microsoft Intune, and Azure Update Manager.

Winsage

April 8, 2025

WSUS Driver Synchronization: Microsoft postpones end

Microsoft has postponed the discontinuation of driver distribution via Windows Server Update Services (WSUS), originally set for April 18, due to substantial user feedback. WSUS Driver Synchronization, initially marked as “deprecated,” will continue to be supported and operational, although it will not receive active development. Microsoft acknowledged the needs of users in disconnected environments and will maintain the service for synchronizing driver updates from the Windows Update Service and importing updates from the Microsoft Update Catalog. The company is also developing a new roadmap to streamline services and promote alternative technologies like Microsoft Intune and Windows Autopatch for Windows 11 devices.

Winsage

April 7, 2025

Microsoft delays WSUS driver sync deprecation indefinitely

Microsoft has indefinitely postponed the removal of driver synchronization within Windows Server Update Services (WSUS) in response to customer feedback. The planned removal, originally set for April 18, 2025, has been put on hold as the company works on a revised timeline. This decision marks a shift from previous communications that indicated the deprecation of WSUS driver synchronization. Microsoft had initially announced the intention to phase out this feature in June 2024 and had encouraged IT administrators to adopt cloud-based solutions. Despite the earlier deprecation announcement, Microsoft will continue to support existing WSUS capabilities and publish updates.

Winsage

April 4, 2025

Hotpatch Updates Come To Windows, Reducing Downtime

Microsoft has introduced hotpatch updates for Windows 11 Enterprise, version 24H2 for x64 (AMD/Intel) CPU devices, aimed at reducing downtime caused by system updates. Administrators can create a hotpatch-enabled quality update policy within the Windows Autopatch framework via the Microsoft Intune console, allowing eligible devices to automatically enroll in this update cycle. Hotpatch updates enable swift implementation of security measures without disruptive reboots, while devices on Windows 10 and earlier will continue to receive standard monthly security updates. Feedback from users has been positive, with many noting the immediate application of security updates as a significant advantage.

Winsage

April 2, 2025

Microsoft adds hotpatching support to Windows 11 Enterprise

Microsoft has made hotpatch updates available for business customers using Windows 11 Enterprise 24H2 on x64 systems, allowing seamless installation of security updates without device reboots. Hotpatching modifies in-memory code of active processes to deploy updates without interrupting user activities. Devices under a hotpatch-enabled quality update policy will receive updates quarterly, with no restarts required for eight months of the year. A Microsoft subscription is necessary to activate hotpatching, and devices must meet specific prerequisites, including an x64 CPU and enabled Virtualization-based Security. Hotpatch updates can be managed through Microsoft Intune, and devices on Windows 10 and versions 23H2 and lower will continue to receive standard updates. Microsoft initially introduced hotpatch support for Windows Server Azure Edition in February 2022 and has expanded testing to include Windows 11 24H2.

Winsage

February 19, 2025

Deprecation approaches for WSUS driver synchronization

Microsoft has announced the deprecation of driver synchronization through Windows Server Update Services (WSUS), effective April 18, 2025. After this date, drivers will still be available through the Microsoft Update Catalog for on-premises environments, but importing them directly into WSUS will no longer be possible. A 2024 survey indicated that 34 percent of respondents were using WSUS for driver synchronization, with 8 percent expressing concerns about the deprecation. Alternatives to WSUS include Device Driver Packages, Microsoft Intune, and Windows Autopatch. WSUS has been included in the deprecation list since September 2024, and while it remains operational, Microsoft has stopped active development on it.

Winsage

November 20, 2024

Windows security and resiliency: Protecting your business

Microsoft prioritizes security and is set to unveil new security advancements during Ignite 2024, including insights from a July incident and investments to enhance security measures. The Secure Future Initiative (SFI) has dedicated the equivalent of 34,000 full-time engineers to address security challenges. The upcoming November update will provide insights and actionable learnings for customers. The Windows Resiliency Initiative focuses on improving reliability, enabling more applications to run without admin privileges, implementing stronger controls over applications and drivers, and enhancing identity protection against phishing attacks. Quick Machine Recovery will allow IT administrators to execute fixes remotely, available to the Windows Insider Program in early 2025. Microsoft is evolving partnerships with endpoint security providers through the Microsoft Virus Initiative (MVI) and is developing new capabilities for security product developers. A private preview for these capabilities will be available in July 2025, and Microsoft is transitioning to safer programming languages. Windows 11 is designed to be more secure than Windows 10, requiring a hardware-backed security baseline for new PCs. Features like Windows Hello Enhanced Sign-in Security and the Microsoft Pluton security processor enhance security. Windows 11 has led to a reported 62% reduction in security incidents and a threefold decrease in firmware attacks. New features in Windows 11 address challenges such as overprivileged users, unverified apps, and insecure credentials. Administrator protection allows users to make system changes securely without persistent admin privileges. Multifactor Authentication (MFA) is emphasized, with Windows Hello serving as the built-in MFA solution. Smart App Control and App Control for Business policies ensure that only verified applications can run, while Windows Protected Print integrates with Mopria-certified devices to enhance security. Personal Data Encryption safeguards files in known folders, and Hotpatch allows critical security updates without system restarts. Zero Trust DNS restricts devices to approved domains, and Config Refresh helps maintain preferred configurations. Microsoft emphasizes collaboration with OEMs and app developers to ensure Windows is secure by design and default.

Winsage

November 20, 2024

Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365

Microsoft has introduced hotpatching in preview for Windows 365 and Windows 11 Enterprise 24H2 client devices, allowing security updates to be installed without rebooting. Hotpatching, which has been part of the Windows ecosystem since February 2022, enables background installation of security updates, patching in-memory code without disrupting user activities. These updates provide a complete set of OS security patches without additional features. The update cycle includes cumulative security updates in January, April, July, and October, with hotpatch updates in the intervening months, reducing required restarts from twelve to four annually. Organizations must have a Microsoft subscription that includes Windows Enterprise E3 or E5, devices running Windows 11 Enterprise version 24H2 or later, and Microsoft Intune for management to utilize hotpatching. Eligible organizations can enable hotpatch updates through a new Windows quality update policy in Intune. Devices not meeting the criteria will continue to receive standard monthly security updates.