Motivation: Making the Systems Engineer's life easier.

In Preview – Windows Server 2025 Security Updates With No Reboots


Microsoft announced on 20th September 2024 that Hotpatching is now available in public preview for Windows Server 2025, allowing installation of security updates without server reboots.

Hotpatching deploys Windows security updates by patching the in-memory code of running processes, so neither the processes nor the server need to restart after each installation.

The advantages of Windows Hotpatching will be faster installs and reduced resource usage, lower workload impact because of fewer reboots over time, and improved security protection because it reduces the time exposed to security risks or attacks.

This feature will be a game changer; simpler change control, shorter patch windows, easier orchestration… and you may finally get to see your family on the weekends.

  • Instead of 12 mandatory reboots a year on “Patch Tuesday”, you’ll now only have quarterly scheduled reboots (with the rare possibility of reboots being required in a nominal Hotpatch month), said Windows Server Director of Product Hari Pulapaka on Friday, 20th September 2024.
  • Fewer binaries mean updates download and install faster while consuming fewer disk and CPU resources.
  • Easier patch orchestration and change control.
  • Integrated with the optional Azure Update Manager.

The above image shows: Windows update showing a hotpatch installed without a need to reboot

Hotpatch has been available for quite some time in Windows Server 2022 Datacenter: Azure Edition, so this is tried-and-true technology.

The real change is how and where you get those security updates. Hotpatching will be available as an option through the power of Azure Arc. Azure Arc enables management and allows the Windows Server internal licensing service for Hotpatch to run so that Hotpatch updates are delivered to customers.

Check it out

Azure Arc enables hotpatches for your Windows Server 2025 Datacenter and Standard edition evaluation machines in only a few clicks.

You need to enroll through the built-in Azure Arc agent setup included in the Windows Server 2025 evaluation, enable the hotpatch preview, and you are good to go.

The above image shows: The Azure Arc setup agent running in Windows Server, showing requirements are met.

The below image shows: The Azure portal page showing the Hotpatch preview.

Hotpatching has been around for years in Windows Server 2022 Azure Edition, but it always required running a VM in Azure or on Azure Stack HCI. When Windows Server 2025 becomes generally available, you will be able to run the edition you want, where you want: on-prem, in Azure, or elsewhere. There will be an option to hotpatch Windows Server 2025 physical servers or virtual machines, and those VMs can run on Hyper-V, VMware, or anywhere else that supports Microsoft’s protection-focused Virtualization Based Security standard.
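
A quick way to check a machine against the prerequisites named above (Windows Server 2025, Azure Arc enrollment, Virtualization Based Security) before enabling the preview. This is an added example, not a Microsoft script; the function name `Test-HotpatchReadiness` is hypothetical, and it assumes the Arc agent runs as the `himds` Windows service and that VBS state is read from the `Win32_DeviceGuard` CIM class.

```powershell
# Added example (not from Microsoft or the original post).
# Assumptions: Arc agent service name is 'himds'; VBS state comes from Win32_DeviceGuard.
function Test-HotpatchReadiness {
    [CmdletBinding()]
    param()

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # VirtualizationBasedSecurityStatus: 0 = disabled, 1 = enabled but not running, 2 = running
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbsStatus = if ($dg) { [int]$dg.VirtualizationBasedSecurityStatus } else { -1 }

    # Azure Connected Machine (Arc) agent service; absent if the server is not enrolled
    $arc = Get-Service -Name 'himds' -ErrorAction SilentlyContinue

    # Most recent update recorded by Get-HotFix; InstalledOn carries a date only,
    # so compare it with LastBoot by day, not by time of day
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object -Property InstalledOn -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        OS                = $os.Caption
        IsServer2025      = $os.Caption -like '*Windows Server 2025*'
        VbsStatus         = $vbsStatus
        VbsRunning        = ($vbsStatus -eq 2)
        ArcAgentRunning   = ($null -ne $arc -and $arc.Status -eq 'Running')
        LastBoot          = $os.LastBootUpTime
        LatestUpdateId    = if ($latest) { $latest.HotFixID } else { $null }
        LatestUpdateDate  = if ($latest) { $latest.InstalledOn } else { $null }
    }
}

Test-HotpatchReadiness | Format-List
```

After a hotpatch month, a `LatestUpdateDate` later than the day of `LastBoot` is the same evidence the Windows Update screenshot shows: an update installed with no reboot since.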
