Windows 11 Update Causes OS to ‘Gain Weight’

This Week in IT

LISTEN ON:

Windows 11 just got heavier, literally! A new security update is doubling the size of critical OS files and Microsoft says it’s absolutely necessary. At the same time, the Microsoft Deployment Toolkit is quietly being killed off, pushing IT departments toward modern deployment, and this month’s Patch Tuesday unleashes 113 fixes, including a fresh zero-day already under attack.

Thanks to Cayosoft for sponsoring this episode!

Links and resources

Episode overview

This Week in IT – Key Updates & Insights:

Windows 11 Update Doubles Log File Sizes

A new Windows 11 security update introduces HMAC‑based integrity and authentication for the Common Log File System (CLFS). This closes a long‑standing privilege‑escalation vulnerability but significantly increases log file sizes, in some cases doubling them.
The change may cause issues for devices with limited disk space and adds CPU overhead for creating and accessing logs.

Microsoft is applying this change gradually over a 90‑day “learning period”, after which untouched logs become inaccessible unless manually updated using command‑line tools.

Microsoft Deployment Toolkit (MDT) Is Being Retired

Microsoft confirms that the Microsoft Deployment Toolkit is being phased out as a legacy technology.
Organizations are expected to move to Windows Autopilot or Configuration Manager OSD for operating system deployment going forward.

This is part of a broader modernization trend, similar to the upcoming retirement of WINS in Windows Server 2025. The narrator suggests that organizations may also use this moment to modernize by moving from Windows 10 (with extended security updates) to Windows 11.

Patch Tuesday: 113 Vulnerabilities Fixed

This month’s Patch Tuesday includes 113 vulnerabilities, including:

One actively exploited zero‑day in the Desktop Window Manager (related to a memory leak).
Eight critical vulnerabilities, many enabling remote code execution or privilege escalation without user interaction.

Microsoft also warns of a Secure Boot certificate expiration issue that could prevent devices from booting if not patched by June.

Additionally, a three‑year‑old vulnerable modem driver is simply being removed from Windows rather than patched.

Russell Smith

Editorial Director at Petri IT Knowledgebase. Russell has more than 20 years' experience working in IT. From small business to large government IT infrastructure projects. Russell started his writing career for Windows IT Pro magazine in the early 2000s. Since then, Russell has contributed to a variety of publications, including Petri, CDW's list of publications, and various industry blogs including Netwrix, BeyondTrust, and others. In addition to more than 1000 articles Russell has authored, he has also written a book on Windows security and co-authored another for Microsoft's MOAC series. Russell has also authored several courses for Pluralsight.