From a090aa8c5658291e9dcea12669f1c69a1b42161b Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Tue, 1 Apr 2025 11:21:18 -0700 Subject: [PATCH 1/3] Hotpatch GA --- .../manage/windows-autopatch-hotpatch-updates.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates.md index 78799f5867..68013d96d5 100644 --- a/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates.md +++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates.md @@ -1,7 +1,7 @@ --- title: Hotpatch updates description: Use Hotpatch updates to receive security updates without restarting your device -ms.date: 03/31/2025 +ms.date: 04/02/2025 ms.service: windows-client ms.subservice: autopatch ms.topic: how-to @@ -15,10 +15,7 @@ ms.collection: - tier1 --- -# Hotpatch updates (public preview) - -> [!IMPORTANT] -> This feature is in public preview. It's being actively developed and might not be complete. They're made available on a "Preview" basis. You can test and use these features in production environments and scenarios and provide feedback. +# Hotpatch updates Hotpatch updates are designed to reduce downtime and disruptions. Hotpatch updates are [Monthly B release security updates](/windows/deployment/update/release-cycle#monthly-security-update-release) that install and take effect without requiring you to restart the device. By minimizing the need to restart, these updates help ensure faster compliance, making it easier for organizations to maintain security while keeping workflows uninterrupted. From 6a5a981a557721571a872bd2018755109cf0f529 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Tue, 1 Apr 2025 13:27:08 -0700 Subject: [PATCH 2/3] Arm 64 devices are still in preview --- .../manage/windows-autopatch-hotpatch-updates.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates.md index 68013d96d5..13c164c255 100644 --- a/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates.md +++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates.md @@ -51,6 +51,9 @@ VBS must be turned on for a device to be offered Hotpatch updates. For informati ### Arm 64 devices must disable compiled hybrid PE usage (CHPE) (Arm 64 CPU Only) +> [!IMPORTANT] +> Arm 64 devices are in public preview. It's being actively developed and might not be complete. They're made available on a "Preview" basis. You can test and use these features in production environments and scenarios and provide feedback. + This requirement only applies to Arm 64 CPU devices when using Hotpatch updates. Hotpatch updates aren't compatible with servicing CHPE OS binaries located in the `%SystemRoot%\SyChpe32` folder. To ensure all the Hotpatch updates are applied, you must set the CHPE disable flag and restart the device to disable CHPE usage. You only need to set this flag one time. The registry setting remains applied through updates. To disable CHPE, create and/or set the following DWORD registry key: Path: `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management` DWORD key value: HotPatchRestrictions=1 From 99dc7c35c0284cb86acd2f25e5007ba7225a4e3c Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Tue, 1 Apr 2025 13:28:23 -0700 Subject: [PATCH 3/3] Tweaked the Arm 42 devices preview note and section --- .../manage/windows-autopatch-hotpatch-updates.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates.md index 13c164c255..a3eb3ff2fb 100644 --- a/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates.md +++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates.md @@ -49,10 +49,10 @@ To prepare a device to receive Hotpatch updates, configure the following operati VBS must be turned on for a device to be offered Hotpatch updates. For information on how to set and detect if VBS is enabled, see [Virtualization-based Security (VBS)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity?tabs=security). -### Arm 64 devices must disable compiled hybrid PE usage (CHPE) (Arm 64 CPU Only) +### Arm 64 devices must disable compiled hybrid PE usage (CHPE) (Arm 64 CPU Only) (Public preview) > [!IMPORTANT] -> Arm 64 devices are in public preview. It's being actively developed and might not be complete. They're made available on a "Preview" basis. You can test and use these features in production environments and scenarios and provide feedback. +> **Arm 64 devices are in public preview**. It's being actively developed and might not be complete. They're made available on a "Preview" basis. You can test and use these features in production environments and scenarios and provide feedback. This requirement only applies to Arm 64 CPU devices when using Hotpatch updates. Hotpatch updates aren't compatible with servicing CHPE OS binaries located in the `%SystemRoot%\SyChpe32` folder. To ensure all the Hotpatch updates are applied, you must set the CHPE disable flag and restart the device to disable CHPE usage. You only need to set this flag one time. The registry setting remains applied through updates. To disable CHPE, create and/or set the following DWORD registry key: Path: `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management`