hypervisor Archives

Winsage

April 29, 2025

Microsoft teases pay-to-patch plan for Windows Server 2025

Microsoft plans to transition its hotpatching feature for on-premises Windows Server 2025 into a paid subscription service starting in July, priced at [openai_gpt model="gpt-4o-mini" prompt="Summarize the content and extract only the fact described in the text bellow. The summary shall NOT include a title, introduction and conclusion. Text: Microsoft has unveiled plans to transition its hotpatching feature for on-premises Windows Server 2025 into a paid subscription service starting in July. This innovative capability allows administrators to implement software updates without the need for system reboots, a significant advantage that streamlines the update process. Hotpatching: A Game Changer for Administrators Hotpatching is not a novel concept; it has been a staple in various environments, including the Linux kernel, VMware products, and the Xen hypervisor. The primary appeal lies in its ability to facilitate security updates without the disruption of reboots, enabling IT teams to maintain operational continuity without the hassle of scheduling downtime. This feature will be a game changer; you may finally get to see your family on the weekends. Currently, Microsoft offers hotpatching for its Windows Server: Azure Edition and version 2022 within its Azure cloud infrastructure. The company has highlighted that its Xbox team has been a significant user of this feature. In August 2024, a preview of hotpatching for Windows Server 2025 running in Azure was announced, followed by a subsequent preview for on-premises implementations managed through the Arc hybrid-and-multicloud management tool. With this latest update, hotpatching is now available for both the Standard and Datacenter editions of Windows Server 2025, allowing on-premises users to benefit from this functionality. Hari Pulapaka, Microsoft’s general manager of Windows Server, emphasized the transformative potential of hotpatching, noting, “This feature will be a game changer; simpler change control, shorter patch windows, easier orchestration.” He humorously added that it might even allow professionals to enjoy more time with their families on weekends. As of last Thursday, Microsoft announced that the current preview will conclude on June 30, transitioning into a subscription model priced at .50 per core per month. Traditional non-hotpatch updates will remain available at no cost. In a detailed explanation, Janine Patrick, Windows Server Product Marketing Manager, and Artem Pronichkin, Senior Program Manager, outlined the service's structure, which aims to deliver eight hotpatches annually. This schedule follows a three-month cycle: the first month serves as a baseline month (monthly cumulative update), followed by two months dedicated to hotpatches. During baseline months—January, April, July, and October—reboots will be necessary. They also noted that, on rare occasions, a non-hotpatch update may be required during a hotpatch month for security reasons, which would also necessitate a reboot. However, the goal remains to provide up to eight hotpatches each year. The benefits of hotpatching are clear, as it can significantly reduce the 'window of vulnerability' that often occurs when administrators delay updates and restarts following a Windows security update. Additionally, it alleviates the traditional burdens associated with 'Patch Tuesday' updates. Importantly, adoption of hotpatching remains optional; Microsoft will continue to provide software updates according to its existing schedule. However, the company anticipates that many Windows Server 2025 users will find value in the ability to minimize downtime through this subscription service. While Windows Server 2025 machines will need to be managed by Arc to utilize hotpatching, there will be no additional costs associated with using Arc for this new offering. Users currently testing the hotpatching preview will automatically transition to the subscription model starting July 1, unless they choose to disenroll before June 30. Notably, Azure Editions of Windows Server will continue to receive hotpatching at no charge. As this new subscription service approaches, the question remains: Will users embrace the opportunity to pay for the promise of non-disruptive patches? The conversation is open for your thoughts." max_tokens="3500" temperature="0.3" top_p="1.0" best_of="1" presence_penalty="0.1" frequency_penalty="frequency_penalty"].50 per core per month. Hotpatching allows administrators to implement software updates without system reboots, enhancing operational continuity. Currently, hotpatching is available for Windows Server: Azure Edition and version 2022 within Azure. A preview for Windows Server 2025 running in Azure was announced in August 2024, followed by a preview for on-premises implementations managed through the Arc hybrid-and-multicloud management tool. The feature will be available for both the Standard and Datacenter editions of Windows Server 2025, with a goal of delivering eight hotpatches annually. Baseline months will require reboots, while hotpatch months will not, unless a non-hotpatch update is necessary. Adoption of hotpatching is optional, and traditional updates will continue to be available at no cost. Users testing the hotpatching preview will automatically transition to the subscription model starting July 1, unless they disenroll before June 30. Azure Editions of Windows Server will continue to receive hotpatching at no charge.

Winsage

April 28, 2025

Microsoft makes hot patching a paid feature for Windows Server 2025

Hotpatching in Windows Server 2025 allows system administrators to apply security updates without rebooting, enhancing response times to vulnerabilities. Microsoft will introduce a subscription model for this feature starting July 1, 2024, at an initial rate of [openai_gpt model="gpt-4o-mini" prompt="Summarize the content and extract only the fact described in the text bellow. The summary shall NOT include a title, introduction and conclusion. Text: Hotpatching emerges as a significant advancement in the realm of Windows Server 2025, allowing system administrators to implement security updates without the need for system reboots. This capability enhances the speed at which organizations can respond to vulnerabilities, aligning with the growing demand for agile IT operations. However, Microsoft has decided to place this feature behind a paywall, introducing a subscription model that will take effect from July 1, 2024, at an initial rate of .50 per core per month. Notably, users operating on Azure will be exempt from this charge, providing a clear incentive for cloud-based deployments. Previously available in Azure Hotpatching is not an entirely new concept; it has been successfully utilized in various environments, including the Linux kernel, VMware products, and the Xen hypervisor. Microsoft has previously offered hot patching capabilities for Windows Server: Azure Edition and version 2022 within the Azure cloud ecosystem. In August 2024, the company unveiled a preview of hot patching for Windows Server 2025 in Azure, followed by an additional preview for deployments managed through the Arc hybrid and multicloud management system in September. This latest preview marks a pivotal moment, as it introduces hot patching for Windows Server 2025 Standard and Datacenter Edition, enabling on-premises applications of this technology for the first time. Microsoft has characterized this feature as a “game changer,” highlighting its potential to redefine patch management for enterprises. Subscription model and patching cycle Under the new subscription model, Microsoft anticipates releasing eight hot patches annually. However, it is important to note that there may be instances where a restart is still required for security purposes. As the transition to the paid version approaches, users currently in the preview phase will be automatically migrated unless they opt out by June 30, 2024. This move has drawn parallels to Microsoft's previous strategies regarding detailed logs, which have sparked concern among security experts. Critics argue that by monetizing essential security features, Microsoft risks compromising the overall security posture for users who may not opt for these additional services. While hotpatching was initially heralded as a cornerstone innovation for Windows Server 2025, its placement behind a paywall raises questions about the balance between enhanced security and cost considerations for organizations. Read also: Windows Server 2025 updates cause problems" max_tokens="3500" temperature="0.3" top_p="1.0" best_of="1" presence_penalty="0.1" frequency_penalty="frequency_penalty"].50 per core per month, with Azure users exempt from this charge. Hotpatching has been previously available in Azure and is now being introduced for on-premises applications in Windows Server 2025 Standard and Datacenter Edition. Microsoft plans to release eight hot patches annually, although some may still require a restart. Users in the preview phase will be automatically migrated to the paid version unless they opt out by June 30, 2024. Critics express concern that monetizing essential security features may compromise overall security for users who do not subscribe.

Winsage

April 19, 2025

Microsoft is deprecating a ‘revolutionary’ virtualization-based security feature for older versions of Windows 11

Microsoft has announced the deprecation of Virtualization-based Security (VBS) enclaves, a feature introduced in July 2024, in Windows 11 23H2 and earlier versions, as well as in Windows Server 2022 and its predecessors. Support for VBS enclaves will continue in Windows Server 2025 and future versions. VBS enclaves were designed to create secure memory spaces using Microsoft's Hyper-V hypervisor, enhancing security for specific application components. The decision to phase out VBS enclaves may be influenced by the rapid development cycle of Windows 11. Users are expected to transition to newer releases as support for Windows 11 23H2 ends in November. Enterprise customers relying on VBS enclaves may face disruptions if the feature is completely removed.

Winsage

April 9, 2025

4 reasons I use virtual hard disks in Windows, and you should too

Creating virtual hard disks (VHD or VHDX) in Windows 11 23H2 and later is straightforward through the Settings app. Users can create a VHD by navigating to Settings -> System -> Storage -> Advanced storage settings -> Disks and volumes, where they can choose to create a VHD or Dev Drive. The VHD format supports up to 2040GB, while VHDX supports up to 64TB and offers resilience during power failures. VHDX can be encrypted with BitLocker for password protection. Virtual disks can be shared over a network, enhancing efficiency by eliminating the need for physical media. They are cost-effective compared to physical drives, reducing hardware costs and potential points of failure. The Hyper-V hypervisor provides a versatile platform for these virtual drives, which offer portability, flexibility, ease of sharing, efficient backups, and robust security, though they may have slower performance than SSDs and limited native boot support for Windows.

Winsage

March 26, 2025

Auth bypass CVE-2025-22230 impacts VMware Windows Tools

Broadcom has addressed a critical authentication bypass vulnerability, CVE-2025-22230, affecting VMware Tools for Windows, rated with a CVSS score of 9.8. This vulnerability allows low-privileged local attackers to escalate their privileges within vulnerable VMs, potentially leading to unauthorized access. It affects VMware Tools versions 12.x.x and 11.x.x across Windows, Linux, and macOS platforms. VMware Tools version 12.5.1 has been released to fix this issue. Additionally, Broadcom issued updates for three zero-day vulnerabilities in VMware ESX products (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226), which were confirmed to be actively exploited and represent a "VM Escape" scenario.

Winsage

March 26, 2025

Update VMware Tools for Windows NOW: High-Severity Flaw Lets Hackers Bypass Authentication

Broadcom has advised users of VMware Tools for Windows to update to the latest version due to a high-severity vulnerability (CVE-2025-22230) that is being exploited by cybercriminals. This vulnerability affects versions 11.x.x and 12.x.x and is classified as an "authentication bypass vulnerability," allowing a malicious actor with non-administrative privileges on a Windows guest to perform high-privilege operations within that VM. The flaw stems from inadequate access control mechanisms. The vulnerability has a CVSS score of 7.8 and does not require user interaction for exploitation. It was discovered by Sergey Bliznyuk of Positive Technologies. Broadcom has patched the vulnerability in version 12.5.1, and users are urged to update immediately, as no workarounds are available.

Winsage

March 12, 2025

6 reasons Hyper-V is the best hypervisor on Windows

Virtualization technology is essential in modern IT infrastructure, allowing the creation of virtual machines (VMs) for various applications. Hyper-V is Microsoft's primary hypervisor for Windows Pro, Enterprise, or Windows Server users. It has been available since Server 2008 and provides tools for efficient VM creation, management, and monitoring. Hyper-V integrates natively with Windows, ensuring compatibility and simplifying VM management through the Hyper-V Manager interface. It is optimized for Windows, enhancing performance and security by utilizing features like Secure Boot and BitLocker. Hyper-V supports large-scale deployments and can configure multiple VMs for demanding workloads. It also allows users to create Linux VMs, such as Ubuntu, easily using the "Quick Create" feature. Hyper-V is a built-in, free hypervisor for Windows, requiring no additional costs beyond the Windows Pro license. Its integration, ease of use, and cost-effectiveness make it a leading choice for virtualization among average users and IT administrators.