Microsoft Now Testing Hotpatch on Windows 11 24H2 and Windows 365

Microsoft has announced that Hotpatching for security updates is now available in preview for Windows 365 and Windows 11 Enterprise 24H2 client devices. This new feature marks a significant step forward in enhancing the security update process, enabling users to receive critical patches without the need for system restarts.

Hotpatching aims to minimize disruption while ensuring devices stay up-to-date and protected. Let’s dive into what this new update means, how it works, and the requirements for using this feature.

What Is Hotpatching?

Hotpatching is a new update mechanism introduced by Microsoft that allows security updates to be applied to Windows systems without requiring a reboot. The key innovation behind Hotpatching is that it enables Windows to install security updates by patching the in-memory code of running processes. Instead of rebooting the system after each patch installation, Hotpatch can apply security fixes while the device remains operational, making the update process faster and less disruptive.

According to Microsoft, "Hotpatch updates are scoped and provide a complete set of OS security patches. No additional features are included." These updates take effect immediately upon installation, which helps ensure focused, rapid protection against security threats without interrupting user activities.

How Does Hotpatching Work?

When Hotpatching is available, Windows will download and install security updates in the background. During this process, the updates are applied to the system’s memory, rather than requiring a restart of the system to complete the installation.

Here’s a breakdown of the update cycle for devices with Hotpatching support:

  • Cumulative Security Updates: In January, April, July, and October (the first month of each quarter), devices with Hotpatching support will receive a cumulative security update. This update will include not only the latest security fixes but also any new features and enhancements, and the device will restart after installation.

  • Hotpatch Updates: During the remaining months of each quarter, devices will receive only security patches that do not require a restart. These updates will be installed in the background, and the device will remain up and running.

This cycle of four restarts per year (for cumulative updates) and eight Hotpatch updates (without restarts) reduces the number of required restarts from twelve to just four each year, offering a smoother, uninterrupted user experience.

Why Is Hotpatching Important?

Minimized Downtime: For both businesses and individual users, the main advantage of Hotpatching is the reduction in downtime. Frequent reboots are often seen as disruptive, particularly in enterprise environments where systems are used continuously. Hotpatching ensures that updates are applied without affecting productivity, making it an essential feature for environments where uptime is critical.

Improved Security: By applying security patches immediately without waiting for a reboot, Hotpatching minimizes the time window in which a device may be vulnerable to exploits. This means faster protection against threats, ensuring devices are more secure as soon as patches are available.

Streamlined Update Process: For enterprises, Hotpatching means fewer manual interventions and less effort required to coordinate update installations. IT departments can automate the process, and devices stay secure and productive without the need for downtime during standard updates.

Requirements for Hotpatching

Organizations looking to use Hotpatching during its preview phase need to meet the following requirements:

  • Microsoft Subscription: A Microsoft subscription that includes Windows Enterprise E3 or E5, such as Microsoft 365 A3/A5, Microsoft 365 F3, or a Windows 365 Enterprise subscription.

  • Targeted Devices: Devices running Windows 11 Enterprise, version 24H2 (Build 26100.2033 or later).

  • Microsoft Intune: To enable Hotpatching, organizations will need to use Microsoft Intune to configure the deployment of Hotpatch updates.

Microsoft also mentioned that all other Windows 10 and Windows 11 devices will continue to receive standard monthly security updates, ensuring all devices are kept secure.
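
The update cycle and the requirements described above can be checked together against a device inventory. The following is an added example, not Microsoft's code or tooling: the CSV columns, device names and sample rows are constructed for illustration, and it assumes that "24H2" means build 26100 exactly, so a different build number is treated as out of scope.

```python
# Added example: field names and sample rows are constructed, not an Intune schema.
import csv, io

BASELINE_MONTHS = {1, 4, 7, 10}        # first month of each quarter: cumulative update + restart
MIN_BUILD, MIN_REVISION = 26100, 2033  # Windows 11 24H2, build 26100.2033 or later

SAMPLE_INVENTORY = """\
device,edition,os_build,licensed,intune_managed
LAB-01,Enterprise,26100.2314,yes,yes
LAB-02,Enterprise,26100.999,yes,yes
LAB-03,Pro,26100.2314,yes,yes
LAB-04,Enterprise,22631.4460,yes,yes
LAB-05,Enterprise,26100.2033,yes,no
"""

def parse_build(text):
    """Split 'build.revision' into integers; comparing the raw strings would
    rank '26100.999' above '26100.2033'."""
    build, _, revision = text.strip().partition(".")
    return int(build), int(revision or 0)

def ineligible_reasons(row):
    """Return the page's requirements this device fails (empty list = eligible)."""
    reasons = []
    build, revision = parse_build(row["os_build"])
    if row["edition"] != "Enterprise":
        reasons.append("edition is not Enterprise")
    # Assumption: 24H2 is pinned to build 26100, so a different build number fails.
    if build != MIN_BUILD or revision < MIN_REVISION:
        reasons.append("build is not 24H2 at 26100.2033 or later")
    if row["licensed"] != "yes":
        reasons.append("no qualifying subscription")
    if row["intune_managed"] != "yes":
        reasons.append("not managed through Intune")
    return reasons

def expected_update(row, month):
    """Classify the update a device receives in a given calendar month (1-12)."""
    if ineligible_reasons(row):
        return "standard monthly update"
    if month in BASELINE_MONTHS:
        return "cumulative update, restart"
    return "hotpatch, no restart"

def load(text=SAMPLE_INVENTORY):
    return list(csv.DictReader(io.StringIO(text)))

if __name__ == "__main__":
    for row in load():
        print(row["device"], expected_update(row, 2), ineligible_reasons(row))
```

Devices that fail any check fall back to the standard monthly update path, so the list of reasons doubles as a remediation worklist before enrolling a group in the preview.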

Hotpatching and Windows 365

For organizations that use Windows 365, Hotpatching will be available for devices running the Windows 11 Enterprise 24H2 client, just as it is for traditional physical devices. Windows 365 is particularly popular for businesses adopting hybrid or remote working models, and the ability to apply updates in the background without disrupting virtual machines is a major benefit.

With Hotpatching in Windows 365, users can continue their work without interruptions while critical security updates are deployed seamlessly in the background. This feature is expected to provide significant benefits to organizations that rely on cloud desktops, ensuring they stay protected without any impact on user productivity.

Microsoft’s Broader Security Focus

This announcement comes during Microsoft’s Ignite 2024 conference, where the company revealed several new security initiatives. Along with Hotpatching, Microsoft shared details about Zero Day Quest, a new hacking event focusing on cloud and AI products with $4 million in rewards. Additionally, the company highlighted a new Windows 11 administrator protection security feature and a Quick Machine Recovery tool that helps administrators restore systems remotely in case of an unbootable device.

Furthermore, Windows 11 will also introduce Zero Trust DNS, ensuring that all DNS queries are directed through trusted DNS servers, and Config Refresh, which allows administrators to restore system settings to a pre-configured state.

Conclusion

With Hotpatching now available in preview for Windows 365 and Windows 11 Enterprise 24H2, Microsoft is paving the way for a more seamless and secure update process. The ability to install critical security patches without requiring a reboot offers significant advantages, particularly for businesses that need to minimize downtime and ensure constant security.

For organizations looking to take full advantage of the latest features, Hotpatching will reduce the number of system restarts needed while ensuring that devices remain protected from emerging threats. If you're looking to adopt this feature for your organization, make sure your subscription and devices meet the requirements to enable Hotpatching.

With this new approach to updates, Windows 365 and Windows 11 users can look forward to a more efficient, secure, and productive experience.
