MC1115976 - Hotpatching is now available for 64-bit Arm architecture

More enterprise environments can now experience the power of security updates that do not require a restart. Hotpatching is now available for Windows 11, version 24H2 Arm64 devices. All you need to do is check your prerequisites, disable Compiled Hybrid PE (CHPE), and enroll these devices into a quality update policy with hotpatching enabled.

When this will happen:

Hotpatching for 64-bith Arm architecture is now generally available.

How this will affect your organization:

With hotpatching, your organization can benefit from:

• Faster compliance: Security updates are applied immediately, reducing the window of vulnerability.
• No downtime: Users stay productive—no forced restarts or interruptions.
• Smaller update payloads: Faster installs and easier update orchestration.
• Enterprise-grade control: Integrated with Microsoft Intune and Windows Autopatch for streamlined management.

What you need to do to prepare:

Review Hotpatching now available for 64-bit Arm architecture to check if you meet the prerequisites and additional guidance to get started.

A unique prerequisite for Arm64 devices is disabling Compiled Hybrid PE (CHPE). Do this in one of the following ways:

• Use the DisableCHPE policy. Apply the following configuration service provider (CSP) setting via Microsoft Intune or Group Policy, then restart the device once: ./Device/Vendor/MSFT/Policy/Config/Hotpatch/DisableCHPE = 1
• Use registry keys. You can also set the following registry key value to 1 and then restart the device once: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\HotPatchRestrictions = 1

Additional information:

• Read Hotpatching now available for 64-bit Arm architecture for the complete announcement and technical guide.
• Find the DisableCHPE policy at System Policy CSP.
• Learn how to Enroll devices to receive hotpatch updates.
• Consult our comprehensive documentation on hotpatch updates.