Microsoft’s WSUS Patch Causes Hotpatching Failures on Windows Server 2025

Microsoft has acknowledged a critical issue affecting Windows Server 2025 systems enrolled in the Hotpatch program.

A recent Windows Server Update Services (WSUS) patch was inadvertently distributed to machines configured to receive Hotpatch updates, causing disruptions to the seamless patching process that allows security updates without requiring system restarts.

Distribution Error Impacts Hotpatch-Enrolled Systems

The problematic update was briefly made available to all Windows Server 2025 machines, regardless of their Hotpatch enrollment status.

Although Microsoft quickly identified and corrected the distribution error, a limited number of Hotpatch-enrolled devices had already downloaded and installed the incompatible update.

The company has since restricted the update’s availability to only those machines not enrolled in the Hotpatch program.

This issue exclusively affects Windows Server 2025 devices and virtual machines that are enrolled to receive Hotpatch updates.

Organizations running earlier versions of Windows Server or systems not configured for Hotpatch remain unaffected by this distribution error.

The incident highlights the complexities involved in managing multiple update channels for enterprise environments.

Systems that successfully installed the incorrect update now face a temporary interruption in their Hotpatch update cycle.

These machines have been effectively removed from the “Hotpatch train” and will not receive the scheduled Hotpatch updates for November and December 2025.

Instead, affected systems will be offered standard monthly security updates that require a full system restart, negating the primary benefit of the Hotpatch program.

Microsoft has outlined a recovery timeline for impacted machines. After installing the planned baseline update scheduled for January 2026, affected systems will be re-enrolled in the Hotpatch update cycle.

The next available Hotpatch update for these machines will be offered in February 2026, representing a three-month gap in Hotpatch functionality.

For administrators whose systems have downloaded but not yet installed the problematic update, Microsoft provides a straightforward workaround.

Users should navigate to Settings, select Windows Update, and choose the option to pause updates. After un-pausing and scanning for new updates, the system will be offered the correct update package.

Hotpatch-enrolled machines that avoided installing the incorrect update will receive the appropriate Security Update for Windows Server Update Services, identified as KB5070893 and released on October 24, 2025.

This update must be installed on top of the October 2025 baseline update KB5066835.

Systems following this installation path will maintain their position on the Hotpatch update schedule and continue receiving Hotpatch updates throughout November and December.

Notably, only machines with WSUS enabled will be required to restart after installing the KB5070893 security update.
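An administrator can confirm which servers match the installation path described above by comparing installed KB IDs against the two updates named in the article. The script below is an added example, not Microsoft's tooling; the function names, state labels and sample inventories are constructed for illustration, and it assumes `Get-HotFix` reports both packages on your build.

```powershell
# Added example. The two KB numbers are the ones named in the article; the
# incorrectly distributed update is not named there, so it is not checked for.
$BaselineKb = 'KB5066835'   # October 2025 baseline update
$WsusFixKb  = 'KB5070893'   # WSUS security update for Hotpatch-enrolled machines

function Get-HotpatchPathState {
    # Classify a list of installed KB IDs against the path described above.
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$InstalledKb
    )
    $hasBaseline = $InstalledKb -contains $BaselineKb
    $hasWsusFix  = $InstalledKb -contains $WsusFixKb
    if ($hasBaseline -and $hasWsusFix) { return 'OnDescribedPath' }
    if ($hasBaseline)                  { return 'BaselineOnly' }
    if ($hasWsusFix)                   { return 'FixWithoutBaseline' }
    return 'BaselineMissing'
}

function Test-HotpatchPath {
    # Query each server and report its state; failed queries are reported, not skipped.
    param([string[]]$ComputerName = $env:COMPUTERNAME)
    foreach ($name in $ComputerName) {
        try {
            $kbs = @(Get-HotFix -ComputerName $name -ErrorAction Stop |
                     Select-Object -ExpandProperty HotFixID)
            $state = Get-HotpatchPathState -InstalledKb $kbs
        } catch {
            $state = "QueryFailed: $($_.Exception.Message)"
        }
        [pscustomobject]@{ Computer = $name; State = $state }
    }
}

# Constructed sample inventories (not real hosts) to show each outcome offline.
$samples = @{
    'sample-a' = @('KB5066835', 'KB5070893')
    'sample-b' = @('KB5066835')
    'sample-c' = @()
}
foreach ($s in $samples.GetEnumerator()) {
    '{0}: {1}' -f $s.Key, (Get-HotpatchPathState -InstalledKb $s.Value)
}

# On a real server, run Test-HotpatchPath with no arguments for the local machine.
```

Hosts reported as `BaselineOnly` are the ones to review by hand against Windows Update history, since the script cannot tell a server that has not yet been offered KB5070893 from one that installed a different package.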

Organizations experiencing issues or requiring additional guidance are encouraged to contact Microsoft Support for business for specialized assistance with this patching disruption.
