Microsoft's December 2024 Hotpatch KB5048794: Key Security Updates for Windows 11

  • Thread Author
On December 10, 2024, Microsoft announced the hotpatch public preview KB5048794, which brings significant updates to Windows 11 operating systems, specifically targeting enterprise users running the Windows 11 Enterprise LTSC 2024. This release marks yet another evolution in Microsoft's ongoing commitment to enhance the security and performance of its operating systems.

What is Hotpatching?​

Before we delve into the specifics of this update, let’s brush up on what hotpatching actually is. In simple terms, hotpatching allows for the application of updates to the operating system without requiring a complete system reboot. This technique greatly minimizes downtime, crucial for enterprise environments where maintaining availability is a top priority.

Background on Windows 11 Build​

The new hotpatch introduces OS Build 26100.2528, which focuses on improving internal OS functionality. The inclusion of security enhancements subtly works in the background, allowing users to enjoy a smoother experience without the abrupt interruptions often associated with traditional updating processes.

Key Improvements and Fixes​

Security Measures​

The December 2024 hotpatch incorporates miscellaneous security improvements targeting the core functionalities of the Windows operating system. This is especially pertinent in today's environment, where cyber threats are more sophisticated than ever. Microsoft has not detailed any new features being included, as the focus remains strictly on security.

Prerequisites for Installation​

For users operating ARM-based devices, there's a prerequisite worth noting. To ensure maximum security when applying hotpatch updates, a special registry key must be set:
  • Registry Key:
    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
    DWORD: HotPatchRestrictions=1
Once this key is set and the device is restarted, there is no need to modify it again, which makes it a one-time setup for ongoing secure updates.

How to Install the Update​

This hotpatch can be installed using various release channels, including:
  • Windows Update: Automatically updates through the Windows Update service.
  • Microsoft Update Catalog: For those preferring a standalone package or requiring specific control over their update process.
It's worth noting that if you have already installed prior updates, only the new fixes included in this latest hotpatch will be downloaded and installed on your device. This selective installation helps conserve bandwidth and speeds up the update process.

Step-by-Step Installation Guide​

  1. Open Windows Update: Go to Settings > Update & Security.
  2. Check for Updates: Select “Check for updates.” This will initiate the download for KB5048794 if it hasn’t been installed.
  3. Registry Modification: If you’re on an ARM device, ensure the registry key for hotpatch restrictions is set before restarting your device.
  4. Restart: After setting the registry and installing the update, restart your system to apply changes effectively.

Conclusion​

The release of KB5048794 signifies Microsoft's proactive approach to maintaining the security fabric of its enterprise offerings while minimizing operational disruptions. By embracing hotpatch technology, they continue to make strides in ensuring that users can maintain productivity without sacrificing security.
As always, for Windows users in enterprise environments, staying informed and prepared for these updates is crucial. Keep an eye on the Windows release health dashboard and follow @WindowsUpdate for the latest news.
Will you be implementing this update immediately, or do you prefer to wait for more widespread reporting on its efficacy? Join the discussion on WindowsForum.com!

Source: Microsoft Support December 10, 2024—Hotpatch public preview KB5048794 (OS Build 26100.2528) - Microsoft Support