Windows Autopatch enables hotpatch security updates by default for eligible devices
Security Tool/Service
Summary
Hide ▲
Show ▼
Microsoft is changing Windows Autopatch to enable hotpatch security updates by default, speeding security-fix rollout for eligible devices and reducing restart-related delay. The change reaches eligible devices through Microsoft Intune and Microsoft Graph API starting with the May 2026 Windows security update. Microsoft said the approach can help organizations reach 90% compliance in half the time while keeping administrative control.
Related Happenings
Microsoft Windows 11 KB5089549 cumulative update
Security Patch Release
First: 18.05.2026 11:33
Last: 18.05.2026 11:33
Sources 1
About this happening:
Microsoft's **KB5089549** **Windows 11** security update is failing to install on some systems, forcing affected devices to roll back during reboot. The problem is tied to a nearl...
Microsoft Windows 11 KB5089549 cumulative update
Security Patch ReleaseAbout this happening: Microsoft's **KB5089549** **Windows 11** security update is failing to install on some systems, forcing affected devices to roll back during reboot. The problem is tied to a nearl...
Azure Backup for AKS Trusted Access permission tightening
Security Patch Release
First: 16.05.2026 23:55
Last: 16.05.2026 23:55
Sources 1
About this happening:
**Microsoft** appears to have silently tightened **Azure Backup for AKS**, closing a **Trusted Access** authorization path that could let a low-privileged role reach **cluster-adm...
Azure Backup for AKS Trusted Access permission tightening
Security Patch ReleaseAbout this happening: **Microsoft** appears to have silently tightened **Azure Backup for AKS**, closing a **Trusted Access** authorization path that could let a low-privileged role reach **cluster-adm...
Microsoft Edge stops loading saved passwords into cleartext memory at startup
Security Tool/Service
First: 15.05.2026 17:49
Last: 15.05.2026 17:49
Sources 1
About this happening:
**Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...
Microsoft Edge stops loading saved passwords into cleartext memory at startup
Security Tool/ServiceAbout this happening: **Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...
Microsoft adds Cloud-Initiated Driver Recovery for Windows Update driver rollbacks
Security Tool/Service
First: 15.05.2026 15:29
Last: 15.05.2026 15:29
Sources 1
About this happening:
Microsoft is adding **Cloud-Initiated Driver Recovery** to **Windows Update**, giving it a remote rollback control for **problematic Windows drivers**. The capability reduces how...
Microsoft adds Cloud-Initiated Driver Recovery for Windows Update driver rollbacks
Security Tool/ServiceAbout this happening: Microsoft is adding **Cloud-Initiated Driver Recovery** to **Windows Update**, giving it a remote rollback control for **problematic Windows drivers**. The capability reduces how...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/Mitigation
First: 15.05.2026 12:40
Last: 15.05.2026 12:40
Sources 1
About this happening:
**Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/MitigationAbout this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Latest development: 15.05.2026 15:35
Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.
Timeline
-
11.03.2026 11:15 2 articles · 2mo ago
Windows Autopatch hotpatch default change
Mitigation Patch UpdateMicrosoft changed the default behavior of Windows Autopatch to enable hotpatch security updates for eligible devices, including devices managed through Microsoft Intune and those using Microsoft Graph API, starting with the May 2026 Windows security update. The change is intended to speed security-fix deployment without waiting for a restart and to help organizations reach compliance faster while remaining in control.
Show sources
- Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days — thehackernews.com — 11.03.2026 11:15
- Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days — thehackernews.com — 11.03.2026 11:15