Microsoft has announced the general availability of hot patches updates for business clients that use Windows 11 Enterprise 24h2 in X64 systems. “With these updates, you can quickly take measures to protect your cyberatory organization and minimize interruptions for users”they explain in the Windows IT professionals.
The application of hot patches allows the application of Security updates of the operating system in the backgroundeliminating the need to restart. This is achieved by patching the code in memory of the processes in execution, thus eliminating the inactivity time associated with traditional updates. The implementation of these updates is controlled by means of automatic Windows patches created in the Microsoft Intune console. The devices administered by these policies enabled for hot patches will receive quarterly updates.
These techniques of Hotpatching They offer numerous improvements when keeping the Windows customer devices updated, as Microsoft points out:
- Immediate protection: Hot patches updates enter into force immediately after installation, which provides rapid protection against vulnerabilities.
- Consistent security: The devices receive the same level of security patches as the monthly standard security updates published on the second Tuesday of each month.
- Minimum interruptions: Users can continue working without interruptions while the patches updates are installed. Patches updates do not require the PC to restart during the rest of the quarter.
To enable hot patches application For Windows customer devices it is necessary:
- A Microsoft subscription that includes Windows 11 Enterprise E3, E5 or F3, Windows 11 Education A3 or A5, or a Windows 365 Enterprise subscription.
- Devices that run Windows 11 Enterprise, 24h2 version (compilation 26100.2033 or posterior) and with the current baseline update installed
- An X64 CPU that includes AMD64 and Intel.
- Microsoft Intune to administer the implementation of hot patches updates with an enabled Windows quality update policy.
- Virtualization -based security (VBS) enabled
Microsoft indicates that patches updates for ARM64 devices are currently in a public preliminary version. However, administrators can temporarily disable compatibility with CHPE in the registration (HKLM System CurrentControlset Control Session Manager Memory Management and Dword Key Value: HotPathrestriSRS = 1) to access the functionality before the official launch.
For other compatible devices, patches updates can activate or deactivate in the Microsoft Intune Administration Centeraccessing devices> “Windows updates”> “Create Windows Quality Update Directive”.
It must be said that this technology of Hotpatching It is not completely new in the Microsoft ecosystem. The hot patch function was initially introduced for the main virtual machines of Windows Server Azure Edition and subsequently generalized in Windows Server 2022 Datacenter: Azure Edition: Azure Edition. Since then, Microsoft has incorporated hot patches into several preliminary versions of operating systems, but has not yet extended it to the general public. It is expected that Hot patches are incorporated into the future editions for the final consumerWindows 11 Home y Pro.
