Microsoft's decision to pump out emergency fixes with depressing regularity has become a pattern that deserves scrutiny. In a span of three days this month, the software giant released two out-of-band hotpatches for Windows 11 Enterprise, each addressing critical problems that should never have reached production in the first place.
On March 13, Microsoft released a hotpatch to address a security issue in the Windows Routing and Remote Access Service (RRAS) management tool. Then, just three days later, it pushed another hotpatch on March 16 to fix Bluetooth issues in Windows 11 25H2 and 24H2. For organisations already stretched managing enterprise estates, this is becoming exhausting.
The Bluetooth fix is particularly revealing about what passes for quality assurance at Microsoft these days. The March 16 update fixes a problem that prevented Bluetooth devices from appearing on the Bluetooth and devices pages in Windows Settings, even when the devices were connected and functioning as expected. The same problem could also prevent users from adding new devices, because available devices did not appear in the list for connection. In a world where wireless headsets and peripherals are now standard workplace equipment, rendering them invisible to users is a substantial regression.
What makes this situation complicated is not the speed of the fixes, but the mechanism through which they are deployed. Hotpatching applies a fix without requiring a reboot. The hotpatch arrives the same month Microsoft said that hotpatching would become the default for Windows Autopatch. According to Microsoft, applying security fixes without waiting for a restart can help organisations reach 90 per cent compliance in half the time, while remaining in control. The efficiency argument is genuine: in mission-critical environments, avoiding reboots saves money and reduces risk.
Yet efficiency without visibility creates its own problems. The fix is aimed squarely at Windows 11 Enterprise users, specifically those on Windows 11 25H2 and Windows 11 24H2. This is not a universal patch. Hotpatch eligibility constraints and dependencies on management, licensing and device configuration mean that not all affected machines will receive the fix automatically. Enterprise administrators managing mixed estates now confront an asymmetric problem: some devices get silent, invisible remediation while others remain vulnerable. The administrative burden of tracking which devices received which fixes, and which still need traditional updates, falls on already stretched IT teams.
The deeper issue is one of accountability. Microsoft's shift toward out-of-band emergency patches suggests that quarterly Patch Tuesday updates have become less reliable than they once were. Microsoft has had a rocky start to the year on the update front. Its ring-based deployment strategy does not limit the blast radius when something goes wrong, and making hotpatching the default from May 2026 adds another variable that could produce unexpected consequences, compounding this risk. Hotpatches can be uninstalled only with a restart, and they may interact unexpectedly with older drivers, legacy agents, or security products that assume a consistent on-disk binary layout.
Reasonable people can disagree on the trade-off between speed and caution in software delivery. Enterprise organisations running mission-critical services often prefer the risk of a silent in-memory patch over the certainty of scheduled downtime. That is a legitimate operational choice. What is harder to defend is a development and testing process that allows regressions serious enough to warrant emergency patches to escape into production with such regularity. The pattern suggests either insufficient testing, or insufficient commitment to it.
For Australian enterprises relying on Windows 11 for their operations, the immediate task is practical: verify that hotpatch-eligible devices are enrolled correctly, monitor deployment status, and confirm that systems not enrolled in hotpatching receive the necessary fixes through standard channels. But the broader question remains unresolved: Microsoft's hotpatching strategy solves the problem of deployment speed at the cost of introducing new layers of complexity into system management. That is a reasonable engineering choice, but it deserves to be made transparently, with full awareness of the trade-offs involved.