hotpatching Archives

Winsage

November 4, 2025

Microsoft WSUS Patch Breaks Hotpatching on Windows Server 2025

A recent Microsoft security update (KB5070881) aimed at fixing a critical vulnerability in the Windows Server Update Service (WSUS) inadvertently disrupted hotpatching for some Windows Server 2025 systems enrolled in the Hotpatch program. This disruption prevents affected servers from applying updates without requiring a restart, forcing administrators to revert to traditional cumulative updates until January 2026. The vulnerability, CVE-2025-59287, allowed potential remote code execution by exploiting weaknesses in WSUS. Microsoft has since released a new update (KB5070893) that addresses the vulnerability while restoring hotpatching capabilities for those who have not yet installed the problematic update.

Winsage

November 3, 2025

Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching

An out-of-band security update, KB5070881, has disrupted the hotpatching feature for some Windows Server 2025 devices. This update was released alongside reports of the CVE-2025-59287 remote code execution vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has instructed U.S. government agencies to strengthen their systems against this vulnerability. Microsoft has acknowledged that the OOB update caused some Hotpatch-enrolled Windows Server 2025 systems to lose their enrollment status and has ceased distributing the update to these devices. Those who installed the update will not receive Hotpatch updates in November and December but will get standard monthly security updates. Administrators can install the KB5070893 security update to address the CVE-2025-59287 flaw without disrupting hotpatching. Microsoft has also disabled the display of synchronization error details in its WSUS error reporting system and resolved various issues affecting Windows 11.

Winsage

October 27, 2025

Microsoft: New policy removes pre-installed Microsoft Store apps

Microsoft has introduced a new app management policy for IT administrators managing Windows 11 Enterprise and Education devices, allowing the removal of pre-installed Microsoft Store apps (in-box apps). This feature is available for devices running Windows 11 Enterprise 25H2 and Windows 11 Education 25H2 through management tools like CSP, GPO, and Microsoft Intune. The policy simplifies app management by eliminating the need for custom installation images and complex scripting, enabling administrators to efficiently select and remove apps from a predefined list. The policy is disabled by default and must be enabled by administrators. It is compatible with both Group Policy and MDM solutions, including Microsoft Intune. Implementation steps for Microsoft Intune include creating a new policy in the admin center, configuring settings to enable the removal of default Microsoft Store packages, and assigning the policy to desired device groups.

Winsage

October 3, 2025

Transforming security and compliance at Microsoft with Windows Hotpatch

Security updates are crucial for system integrity, but traditionally require a reboot, causing productivity interruptions. Microsoft has introduced Windows Hotpatch, which allows critical updates to be applied without rebooting, enhancing compliance and user satisfaction. Hotpatch modifies in-memory code while the system is operational, leading to immediate updates without downtime. It is designed for efficiency with small payloads that minimize performance impact. Hotpatch updates undergo the same validation as standard updates and can address zero-day vulnerabilities without requiring a reboot. This technology is available for Windows 11 version 24H2 or later, Windows 365, Azure Virtual Desktop, and Windows Server 2022/2025 Azure Edition, with appropriate licensing. Hotpatch has evolved from internal server capabilities to support client machines and integrates with Autopatch, automating the update process for enterprise environments. Microsoft Digital plans to scale Hotpatch to 450,000 devices within four months, achieving high compliance rates quickly—81% within 24 hours and 90% within five days, compared to previous timelines of up to nine months. Since its general availability in April, Hotpatch has been deployed to over 4 million devices globally, enhancing user experience by making updates seamless and unobtrusive. Plans for further expansion and improvements in compliance visibility and reporting are underway.

Winsage

June 26, 2025

The Windows Resiliency Initiative: Building resilience for a future-ready enterprise

Resilience is now a strategic necessity for organizations, prompting Microsoft to launch the Windows Resiliency Initiative (WRI) to integrate resilience and security into the Windows platform. In September 2024, Microsoft held the Windows Endpoint Security Ecosystem Summit (WESES) with endpoint security vendors and government representatives to discuss enhancing resilience. Following the summit, collaboration with Microsoft Virus Initiative (MVI) partners has increased, focusing on improving Windows security and reliability through rigorous testing and safe deployment practices. Next month, Microsoft will begin a private preview of a new Windows endpoint security platform for select MVI partners, allowing security solutions to operate outside the Windows kernel for better reliability. Microsoft has released the Windows Resiliency Initiative e-book to guide organizations in building resilience. Innovative products introduced under the WRI include: - Quick machine recovery (QMR) for faster recovery from unexpected restarts, reducing downtime to approximately two seconds. - Microsoft Connected Cache to enhance bandwidth efficiency during updates by caching content locally. - Universal Print anywhere for secure printing from any location. - Hotpatch updates for critical security updates without requiring a restart. - Windows 365 Reserve for secure access to a temporary Cloud PC during device disruptions.

Winsage

May 24, 2025

Microsoft Tells Nearly All Windows Users—You Must Reboot Your PC

This month's KB5058497 update for Windows 11 24H2 introduces the first 'hotpatch' update, allowing installation without a reboot, but it is only available for Windows 11 24H2 Enterprise users. There is no timeline for extending this feature to Pro and Home users. To use hotpatch updates, users must have a Microsoft subscription that includes Windows 11 Enterprise E3, E5, or F3, Windows 11 Education A3 or A5, or a Windows 365 Enterprise subscription, along with devices running Windows 11 Enterprise version 24H2 (Build 26100.2033 or later), an x64 CPU, Microsoft Intune for deployment management, and Virtualization-based Security (VBS) enabled. Users of Windows 11 24H2 or older versions must reboot their systems to apply new security updates, except for specific patches for Windows Defender, while every third update will still require a reboot. KB5058497 is scheduled to be released between May and June 2025 during the 'no restart' period, and it has been reported to install seamlessly without prompting for a reboot. Users of Windows 11 Home and Pro still face the traditional monthly reboot requirement for updates.

Winsage

April 30, 2025

Microsoft: Windows Server hotpatching to require subscription

Microsoft will transition hotpatching for Windows Server 2025 to a paid subscription model starting July 1, 2025, with a cost of [openai_gpt model="gpt-4o-mini" prompt="Summarize the content and extract only the fact described in the text bellow. The summary shall NOT include a title, introduction and conclusion. Text: Microsoft has made a significant announcement regarding the future of hotpatching for Windows Server 2025, a feature that allows administrators to apply security updates without the need for system restarts. As the company prepares for the general availability of this service, it will transition to a paid subscription model starting July 1, 2025. Subscription Details and Preview Phase In a proactive move, Microsoft is encouraging administrators to take advantage of the free preview of hotpatching before it becomes a subscription-based service. This opportunity will remain available until June 30, after which those currently testing the service will be automatically subscribed unless they opt out. “Hotpatching for Windows Server 2025, made available in preview in 2024, will become generally available as a subscription service on July 1st, 2025. With hotpatching, we are taking what was previously an Azure-only capability and now making it available to Windows Server machines outside of Azure through Azure Arc,” Microsoft stated. Upon the subscription launch, hotpatching will be priced at .50 USD per CPU core per month. To utilize this feature in multi-cloud environments or on-premises, users will need both a Hotpatch service subscription and an Azure Arc-connected server running Windows Server 2025 Standard or Datacenter. How to Enable Hotpatching Enabling hotpatching on your server is a straightforward process. First, connect your server to Azure Arc by following the specified steps. Next, navigate to Azure Update Manager within the Azure Portal, select your Azure Arc-enabled server, and check the hotpatching option as outlined in the provided documentation. A Brief History of Hotpatching Hotpatching has been a part of Microsoft's offerings since February 2022, initially available for Windows Server 2022 Datacenter: Azure Edition. This feature allows for the deployment of security updates by patching the in-memory code of running processes, eliminating the need for reboots after each installation. However, it is important to note that servers still require reboots for updates delivered through the standard Windows update channel, which are not included in the Hotpatch program. This includes non-Windows updates, such as .NET patches, and Windows non-security updates. Microsoft began public testing of hotpatching for Windows Server 2025 in September 2024, with further expansions to Windows 11 24H2 and Windows 365 following in November 2024. By April 2025, hotpatch updates will be generally available for business customers using Windows 11 Enterprise 24H2 on x64 (AMD/Intel) systems." max_tokens="3500" temperature="0.3" top_p="1.0" best_of="1" presence_penalty="0.1" frequency_penalty="frequency_penalty"].50 per CPU core per month. A free preview of the service is available until June 30, 2025, after which users testing the service will be automatically subscribed unless they opt out. Hotpatching allows administrators to apply security updates without system restarts and will be available for Windows Server machines outside of Azure through Azure Arc. To enable hotpatching, servers must be connected to Azure Arc and configured via the Azure Update Manager. Hotpatching was initially introduced in February 2022 for Windows Server 2022 Datacenter: Azure Edition and allows for in-memory code updates, but standard Windows updates still require reboots. Public testing for Windows Server 2025 began in September 2024, with general availability for Windows 11 Enterprise 24H2 expected by April 2025.

Winsage

April 29, 2025

New Windows 7 And Windows Server 2008 Security Updates Confirmed

Microsoft has introduced a no-reboot patching feature for Windows 11 and announced hotpatching costs for Windows Server 2025. Windows 7 and Windows Server 2008 R2 have reached their end-of-support status and lack official security patches. However, users of these legacy systems can utilize a micro patching service called 0patch, which delivers micro patches to address specific vulnerabilities without requiring system reboots. On April 29, 2023, Mitja Kolsek, CEO of ACROS Security, announced that support for Windows 7 and Windows Server 2008 R2 would be extended until January 2027 due to high demand. These micro patches are currently the only available security updates for these legacy versions.

Winsage

April 29, 2025

Microsoft teases pay-to-patch plan for Windows Server 2025

Microsoft plans to transition its hotpatching feature for on-premises Windows Server 2025 into a paid subscription service starting in July, priced at [openai_gpt model="gpt-4o-mini" prompt="Summarize the content and extract only the fact described in the text bellow. The summary shall NOT include a title, introduction and conclusion. Text: Microsoft has unveiled plans to transition its hotpatching feature for on-premises Windows Server 2025 into a paid subscription service starting in July. This innovative capability allows administrators to implement software updates without the need for system reboots, a significant advantage that streamlines the update process. Hotpatching: A Game Changer for Administrators Hotpatching is not a novel concept; it has been a staple in various environments, including the Linux kernel, VMware products, and the Xen hypervisor. The primary appeal lies in its ability to facilitate security updates without the disruption of reboots, enabling IT teams to maintain operational continuity without the hassle of scheduling downtime. This feature will be a game changer; you may finally get to see your family on the weekends. Currently, Microsoft offers hotpatching for its Windows Server: Azure Edition and version 2022 within its Azure cloud infrastructure. The company has highlighted that its Xbox team has been a significant user of this feature. In August 2024, a preview of hotpatching for Windows Server 2025 running in Azure was announced, followed by a subsequent preview for on-premises implementations managed through the Arc hybrid-and-multicloud management tool. With this latest update, hotpatching is now available for both the Standard and Datacenter editions of Windows Server 2025, allowing on-premises users to benefit from this functionality. Hari Pulapaka, Microsoft’s general manager of Windows Server, emphasized the transformative potential of hotpatching, noting, “This feature will be a game changer; simpler change control, shorter patch windows, easier orchestration.” He humorously added that it might even allow professionals to enjoy more time with their families on weekends. As of last Thursday, Microsoft announced that the current preview will conclude on June 30, transitioning into a subscription model priced at .50 per core per month. Traditional non-hotpatch updates will remain available at no cost. In a detailed explanation, Janine Patrick, Windows Server Product Marketing Manager, and Artem Pronichkin, Senior Program Manager, outlined the service's structure, which aims to deliver eight hotpatches annually. This schedule follows a three-month cycle: the first month serves as a baseline month (monthly cumulative update), followed by two months dedicated to hotpatches. During baseline months—January, April, July, and October—reboots will be necessary. They also noted that, on rare occasions, a non-hotpatch update may be required during a hotpatch month for security reasons, which would also necessitate a reboot. However, the goal remains to provide up to eight hotpatches each year. The benefits of hotpatching are clear, as it can significantly reduce the 'window of vulnerability' that often occurs when administrators delay updates and restarts following a Windows security update. Additionally, it alleviates the traditional burdens associated with 'Patch Tuesday' updates. Importantly, adoption of hotpatching remains optional; Microsoft will continue to provide software updates according to its existing schedule. However, the company anticipates that many Windows Server 2025 users will find value in the ability to minimize downtime through this subscription service. While Windows Server 2025 machines will need to be managed by Arc to utilize hotpatching, there will be no additional costs associated with using Arc for this new offering. Users currently testing the hotpatching preview will automatically transition to the subscription model starting July 1, unless they choose to disenroll before June 30. Notably, Azure Editions of Windows Server will continue to receive hotpatching at no charge. As this new subscription service approaches, the question remains: Will users embrace the opportunity to pay for the promise of non-disruptive patches? The conversation is open for your thoughts." max_tokens="3500" temperature="0.3" top_p="1.0" best_of="1" presence_penalty="0.1" frequency_penalty="frequency_penalty"].50 per core per month. Hotpatching allows administrators to implement software updates without system reboots, enhancing operational continuity. Currently, hotpatching is available for Windows Server: Azure Edition and version 2022 within Azure. A preview for Windows Server 2025 running in Azure was announced in August 2024, followed by a preview for on-premises implementations managed through the Arc hybrid-and-multicloud management tool. The feature will be available for both the Standard and Datacenter editions of Windows Server 2025, with a goal of delivering eight hotpatches annually. Baseline months will require reboots, while hotpatch months will not, unless a non-hotpatch update is necessary. Adoption of hotpatching is optional, and traditional updates will continue to be available at no cost. Users testing the hotpatching preview will automatically transition to the subscription model starting July 1, unless they disenroll before June 30. Azure Editions of Windows Server will continue to receive hotpatching at no charge.

Winsage

April 29, 2025

Microsoft Confirms $1.50 Windows Security Update Fee Starts July 1

Microsoft has introduced a subscription model for no-reboot security "hotpatch" updates, which will be available for Windows 11 Enterprise, version 24H2, and Windows Server 2025. Users must operate on Windows Server 2025 Standard or Datacenter, connected to Azure Arc, to access these updates. Starting July 1, 2025, there will be a charge of [openai_gpt model="gpt-4o-mini" prompt="Summarize the content and extract only the fact described in the text bellow. The summary shall NOT include a title, introduction and conclusion. Text: In the realm of operating systems, security updates are paramount, especially when they pertain to software utilized by billions globally. However, Microsoft has recently found itself in a challenging spotlight following a controversial Windows security patch that inadvertently introduced a mysterious folder, sparking a wave of confusion and concern among users. Social media commentators hastily advised users to delete this folder, only for Microsoft to counter with a warning that such actions could leave systems vulnerable to attacks. This incident has now unveiled a broader issue within the Windows security update framework, particularly surrounding the introduction of a subscription model for no-reboot security “hotpatch” updates. What Is Windows Hotpatching, And Who Needs To Pay The .50 A Month Fee? As previously reported, Microsoft is advancing towards a system where hotpatching will eliminate the need for users to reboot their Windows systems after a security update. This innovative feature allows security fixes to be downloaded and installed seamlessly in the background, integrating directly into the in-memory code of processes that are already running. Initially, this functionality is set to be available for a specific segment of users: those operating Windows 11 Enterprise, version 24H2, on x64 (AMD/Intel) CPU devices managed through Microsoft Intune. Recent confirmations from Janine Patrick, Windows Server product marketing manager, and Artem Pronichkin, a senior program manager at Microsoft, indicate that the hotpatching system for Windows Server 2025, which has been in preview since 2024, will transition to a subscription-only model starting July 1. To utilize the no-reboot hotpatch security updates, users must operate on “Windows Server 2025 Standard or Datacenter,” with an essential requirement of being connected to Azure Arc. The noteworthy and contentious aspect of this announcement is the introduction of a subscription fee for the Hotpatch service. While hotpatching has long been available for Windows Server Datacenter: Azure Edition at no cost, users of Windows Server 2025 will incur a charge of .50 per CPU core each month for these security updates. Microsoft emphasizes that while hotpatching will significantly reduce the frequency of required reboots—approximately four times a year for baseline updates—this new approach aims to alleviate the traditional inconveniences associated with Patch Tuesday." max_tokens="3500" temperature="0.3" top_p="1.0" best_of="1" presence_penalty="0.1" frequency_penalty="frequency_penalty"].50 per CPU core each month for the hotpatch service, which aims to reduce the frequency of required reboots to approximately four times a year for baseline updates.