Windows 11: Hotpatching has arrived
Microsoft has now released hot patching for Windows 11 clients. Enterprise customers can now run for several months without having to reboot.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Security updates for Windows without having to restart the operating system: What Windows servers have been able to do for some time is now also available for Windows 11 clients. Hotpatching enables updates to be installed without the need for a restart.
(Image:Â Microsoft)
In a blog post from Microsoft's tech community, the company announces the immediate availability of the technology. Accordingly, Windows 11 Enterprise 24H2 for x64 processor architectures, i.e., AMD and Intel CPUs, can now be secured without requiring a reboot.
Advantages of restart-free updates
The advantages of hot patching are obvious, but Microsoft lists them again. The system receives immediate protection, as security gaps are plugged directly. The security level remains constant and is at the same level as with the standard monthly security updates, which require a restart to activate the new software. This also minimizes work interruptions.
Videos by heise
However, even with Microsoft's hot patching, there is no permanent reboot: once a quarter, approximately every 90 days, a reboot is necessary; Microsoft calls this “cumulative baseline months”, which take place in January, April, July, and October. In between, the Windows updates receive different KB and build numbers, depending on whether it is a standard system with monthly reboots or a hotpatching system.
IT admins who have a Microsoft Enterprise subscription of levels E3, E5, F3 or an Education subscription A3 and A5 or a Windows 365 Enterprise license can switch their Windows 11 Entperise clients from builds 24H2 26100.2033 on AMD and Intel x64 CPUs to hotpatching. To do this, they need administration with Microsoft's Intune, for example. There you will find the option “Devices” – “Windows updates” – “Create Windows quality update policy” in the Admin Center, which must be set to “Allow”.
If you want to activate the preview for ARM64 systems, you can do this by setting a registry key. In the path HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, the DWORD HotPatchRestrictions must be set to 1.
Microsoft announced at the end of last November that Windows 11 clients would also receive hotpatching capabilities. The company had already made it clear at that time that enterprise customers would benefit from the technology.
(dmk)
