Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able to implement some security updates by hotpatching running processes.
What is hotpatching?
“Hotpatching has been around for years in Windows Server 2022 Azure Edition, but always required running a VM in Azure or on Azure Stack HCI. When Windows Server 2025 becomes generally available, you will be able to run the edition you want, where you want – whether on-prem, in Azure, or elsewhere,” Hari Pulapaka, Microsoft’s Director of Product for Windows Server, Azure Host OS & Windows CoreOS Platform, noted on Friday.
“You’ll have an option to hotpatch Windows Server 2025 physical servers or virtual machines, and those VMs can run on Hyper-V, VMware, or anywhere else that supports Microsoft’s protection-focused Virtualization Based Security standard.”
Hotpatching – i.e., implementing OS security updates by patching the in-memory code of running processes – does not require a system reboot for the patch to be applied.
Fewer reboots mean a lower workload for server administrators and fewer disk and CPU resources used, Pulapaka says. It also makes patch orchestration and change control easier.
“Hotpatch has been available for a few years in Windows Server 2022 Datacenter: Azure Edition, this is tried and true technology. The real change is how and where you get those security updates,” he added.
For Windows Server 2025 Standard and Datacenter editions, hotpatching will be available through Azure Arc, which “allows the Windows Server internal licensing service for Hotpatch to run so that Hotpatch updates are delivered to customers.”
It’s good to keep in mind, though, that hotpatching isn’t always possible, so “regular” patching and rebooting are not going anywhere.
About Windows Server 2025
Windows Server 2025, which is currently in Preview, is scheduled to be completed and released by the end of 2024.
This newest version of the popular server OS will carry a number of new and improved security features, and some legacy Windows Server features will be either removed or deprecated (including Windows Server Update Services).