Merge pull request #312916 from RochakSingh-blr/automation-security-update-windows-hybrid-worker-extension

Azure Automation Windows Hybrid Worker Extension (1.3.74) security update

Author: prmerger-automator[bot]

articles/automation/whats-new.md

@@ -4,7 +4,7 @@ description: Significant updates to Azure Automation updated each month.
 services: automation
 ms.subservice:
 ms.topic: overview
-ms.date: 08/12/2025
+ms.date: 03/10/2026
 ms.custom: references_regions
 ms.author: v-rochak2
 author: RochakSingh-blr
@@ -23,6 +23,16 @@ Azure Automation receives improvements on an ongoing basis. To stay up to date w
 
 This page is updated monthly, so revisit it regularly. If you're looking for items older than six months, you can find them in [Archive for What's new in Azure Automation](whats-new-archive.md).
 
+## March 2026
+
+### Security Update: Azure Automation Windows Hybrid Worker Extension (1.3.74)
+
+Windows Hybrid Worker Extension Version 1.3.74 includes a security improvement that strengthens access controls for communication with Hybrid Instance Metadata Service (HIMDS).
+
+Under specific startup timing conditions, the Windows Hybrid Worker Extension tries to connect to HIMDS before the service is fully initialized. In this narrow window, a local nonprivileged process can impersonate the metadata service endpoint and gain unauthorized read access to protected metadata or configuration information.
+
+This release addresses the issue by adding an extra validation to ensure that it connects only to trusted, system owned metadata endpoints. These changes enhance protection of system metadata and configuration information by ensuring access is limited to trusted system components.
+
 ## August 2025
 
 ### Deployment resumption: Azure Automation revised Service and Subscription limits