Microsoft has unveiled the public preview of Hotpatching for Windows Server 2025, which allows users to install security updates without rebooting the system. The feature patches the in-memory code of running processes, streamlining the update process and minimizing downtime.
Benefits of Hotpatching
The introduction of Hotpatching brings a host of advantages to Windows Server users. Key benefits highlighted by Microsoft include:
- Faster Installations: Updates can be applied swiftly, enhancing operational efficiency.
- Reduced Resource Usage: With fewer reboots, resource consumption is optimized.
- Lower Workload Impact: The decrease in mandatory reboots translates to less disruption in daily operations.
- Improved Security: By minimizing exposure time to potential vulnerabilities, Hotpatching enhances overall security posture.
Hari Pulapaka, Director of Product for Windows Server, noted the transformative nature of this feature: “Instead of 12 mandatory reboots a year on ‘Patch Tuesday,’ you’ll now only have quarterly scheduled reboots, with the rare possibility of reboots being required in a nominal Hotpatch month.” He emphasized that this change could lead to simpler change control and shorter patch windows, allowing IT professionals to reclaim their weekends.
Hotpatching has been in use since February 2022 for Windows Server 2022 Datacenter: Azure Edition, where it was first made available for core virtual machines. Servers still require restarts for updates delivered through the standard Windows update channel that do not fall under the Hotpatch program, including non-Windows updates such as .NET patches and Windows non-security updates.
In Windows Server 2025, Hotpatching can be accessed through Azure Arc, enabling the internal licensing service for Hotpatch to operate and deliver updates effectively. Pulapaka elaborated, “When Windows Server 2025 becomes generally available, you will be able to run the edition you want, where you want – whether on-prem, in Azure, or elsewhere.” This flexibility extends to both physical servers and virtual machines, which can operate on various platforms, including Hyper-V and VMware, provided they adhere to Microsoft’s Virtualization Based Security standards.
To enable Hotpatching on Windows Server 2025 Datacenter and Standard edition evaluation machines, users must enroll via the built-in Azure Arc agent setup included in the evaluation version and activate the Hotpatch preview. Prerequisites for subscribing to Hotpatching include having Windows Server 2025 Datacenter evaluation, ensuring Virtualization Based Security is enabled and operational, installing the KB5040435 July Security update, and connecting the machines to Azure Arc.
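The prerequisites above can be verified on a server before enrolling it. The following read-only PowerShell check is an added example, not Microsoft's own tooling. It assumes an elevated session, the Azure Connected Machine agent in its default install path, and that `azcmagent show` prints an "Agent Status" line; the function name `Test-HotpatchPrerequisite` is hypothetical.

```powershell
# Added example: read-only check of the Hotpatch preview prerequisites listed in the article.
# Run in an elevated PowerShell session on the server to be enrolled.

function Test-HotpatchPrerequisite {   # hypothetical helper name
    $results = [ordered]@{}

    # 1. Operating system: the article names Windows Server 2025 evaluation editions.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $results['OS is Windows Server 2025'] = $os.Caption -like '*Windows Server 2025*'

    # 2. VBS must be enabled AND running, not merely configured.
    #    VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
            -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction SilentlyContinue
    $results['VBS enabled and running'] =
        ($null -ne $dg) -and ($dg.VirtualizationBasedSecurityStatus -eq 2)

    # 3. The July security update named in the article.
    $kb = Get-HotFix -Id 'KB5040435' -ErrorAction SilentlyContinue
    $results['KB5040435 installed'] = $null -ne $kb

    # 4. Azure Arc connection. Assumptions: default agent path, and an
    #    "Agent Status : Connected" line in the text output of "azcmagent show".
    $azcm = Join-Path $env:ProgramFiles 'AzureConnectedMachineAgent\azcmagent.exe'
    $connected = $false
    if (Test-Path $azcm) {
        $show = & $azcm show 2>&1 | Out-String
        $connected = $show -match 'Agent Status\s*:\s*Connected'
    }
    $results['Azure Arc agent connected'] = $connected

    # Emit one object per prerequisite so the result can be filtered or exported.
    foreach ($name in $results.Keys) {
        [pscustomobject]@{ Prerequisite = $name; Met = [bool]$results[$name] }
    }
}

$report = Test-HotpatchPrerequisite
$report | Format-Table -AutoSize
if ($report.Met -contains $false) {
    Write-Warning 'One or more Hotpatch preview prerequisites are not met.'
}
```

A status of 1 in the VBS check means the feature is configured but not active, which does not satisfy the "enabled and operational" requirement.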