Per Microsoft, starting June 23 2025, the Microsoft Hotpatch feature setting will be enabled by default in Quality Update policies. The update applies to devices that meet the prerequisites for Hotpatch. With Hotpatch, updates are applied to machines without requiring a device reboot. However, what is Rapid7 doing regarding this change? It appears that when updates are applied using Hotpatch to mitigate a vulnerability, Rapid7 InsightVM does not pick up that information, and it still reports the vulnerabilities unless the machine is rebooted.
Hi @rmoses
We are aware of the Microsoft Hotpatch feature, and are committed to working to deliver this soon, and have it on our Q3 roadmap.
I currently do not have an ETA for delivery, as this will depend on the complexity of supporting both Hotpatches and standard patches in an accurate way without introducing accuracy issues in either deployment method.
This is one of the top priorities for our Microsoft Coverage team.
We’re experiencing the same issue and are currently deciding whether to pause the application of hot patches while Rapid7 continues its investigation. Additionally, the second paragraph of the previous update seems unclear. Could you please confirm whether Rapid7 remains committed to supporting this, especially considering we’re well into the third quarter?
Hot patches have the potential to transform our patching process—particularly for laptop users—so it would be unfortunate to take a step backward.
We remain committed to supporting this. The team are planning to be able to commit to an ETA by the end of this month, and I would be hoping the delivery will follow relatively quickly.
We are also experiencing this issue. As of right now, we can’t see if the patch is applied on the clients.
Quick update on this - we are currently working towards a tentative delivery of this support in time for October’s Patch Tuesday.
Is there a date we can expect this by? We would like to enable hotpatching as soon as it’s available.
We do not have a concrete date yet, but we still expect to have this ready in time for October’s Patch Tuesday.
We will release it as soon as it is ready, and provide you an update here as soon as we have one.
Good news everyone - the team got ahead of schedule, and delivered support for Windows hotpatching within our vulnerability content.
This shipped last Wednesday, as part of content update version 1.1.3701 (update ID 2319248367).
If you are up-to-date with your content version, then we will be taking hotpatching for Windows into consideration as part of our vulnerability assessments.
Seems like even with the latest updates, the Windows CVEs are still only performing one check, “microsoft-windows-cve-2025-55226-windows_11-24h2-kb5065426”, which is not inclusive of the hotpatch KBs. September’s is KB5065474.
https://support.microsoft.com/en-us/topic/september-9-2025-hotpatch-kb5065474-os-build-26100-6508-1591ce1b-9c6f-4bc9-8d3d-d65240a738ee
We have not added additional checks for hotpatching, rather updated the existing check logic to account for hotpatching.
The name of the check will still refer to the standard KB for patching, but the logic within will account for either the standard KB, or the hotpatch KB.
The response from customers so far has been positive, with the changes working as intended. If you are still experiencing false positives after taking the update and rescanning, please submit a support case for us to investigate.
Thanks, I didn’t see this update, but we will plan on testing this to see how it works.