Windows Server 2025 previews security updates without restarts


Microsoft announced today that Hotpatching is now available in public preview for Windows Server 2025, allowing installation of security updates without restarting.

Hotpatching deploys Windows security updates by patching the in-memory code of running processes, so neither the processes nor the server need to restart after each installation.

Among the benefits of Windows Hotpatching, Redmond highlights faster installs and reduced resource usage, lower workload impact because of fewer reboots over time, and improved security protection because it reduces the time exposed to security risks.

“Instead of 12 mandatory reboots a year on ‘Patch Tuesday,’ you’ll now only have quarterly scheduled reboots (with the rare possibility of reboots being required in a nominal Hotpatch month),” said Windows Server Director of Product Hari Pulapaka on Friday.

“This feature will be a game changer; simpler change control, shorter patch windows, easier orchestration… and you may finally get to see your family on the weekends.”

Hotpatching has been available for Windows Server 2022 Datacenter: Azure Edition since February 2022, when Microsoft announced its general availability for Windows Server Azure Edition core virtual machines.

As Microsoft revealed at the time, servers will still require restarts after installing updates delivered through the regular (non-Hotpatch) Windows update channel that aren’t included in the Hotpatch program.

Non-Windows updates (such as .NET patches) and Windows non-security updates are two examples of updates that can’t be installed without a reboot via Hotpatching.

Installing a hotpatch without restarting (Microsoft)

In Windows Server 2025, Hotpatching is available through Azure Arc, allowing the Windows Server internal licensing service for Hotpatch to run and deliver updates to customers.

“When Windows Server 2025 becomes generally available, you will be able to run the edition you want, where you want – whether on-prem, in Azure, or elsewhere,” Pulapaka added.

“You’ll have an option to hotpatch Windows Server 2025 physical servers or virtual machines, and those VMs can run on Hyper-V, VMware, or anywhere else that supports Microsoft’s protection-focused Virtualization Based Security standard.”

Enabling Hotpatching on your Windows Server 2025 Datacenter and Standard edition evaluation machines requires enrolling through the built-in Azure Arc agent setup included in Windows Server 2025 evaluation and enabling the Hotpatch preview.

The prerequisites for subscribing to Hotpatching include Windows Server 2025 Datacenter evaluation, Virtualization Based Security enabled and running, the KB5040435 July Security update installed, and the machines being Azure Arc connected.
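The prerequisites above can be checked on a candidate machine before enrolling. The following PowerShell is an added example, not a Microsoft script; the function name `Test-HotpatchPrerequisite` is hypothetical, and it assumes the evaluation edition appears in the OS caption and that the Azure Arc agent CLI (`azcmagent`) is on the PATH.

```powershell
# Added example: reports which of the article's four prerequisites the local machine meets.
function Test-HotpatchPrerequisite {
    [CmdletBinding()]
    param(
        [string]$RequiredKb = 'KB5040435'   # KB number taken from the article
    )

    # Assumption: the evaluation edition identifies itself in the OS caption string.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $editionOk = $os.Caption -like '*Windows Server 2025*Datacenter*Evaluation*'

    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running,
    # 2 = enabled and running. The prerequisite is "enabled and running", so require 2.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
              -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbsOk = ($null -ne $dg) -and ($dg.VirtualizationBasedSecurityStatus -eq 2)

    # Only the exact KB is looked up; a later cumulative update that supersedes it
    # is not recognised by this check.
    $kbOk = [bool](Get-HotFix -Id $RequiredKb -ErrorAction SilentlyContinue)

    # Assumption: 'azcmagent show' prints a line of the form "Agent Status : Connected".
    $arcOk = $false
    if (Get-Command azcmagent -ErrorAction SilentlyContinue) {
        $arcOk = [bool]((& azcmagent show 2>$null) -match 'Agent Status\s*:\s*Connected')
    }

    $checks = [ordered]@{
        'Windows Server 2025 Datacenter evaluation' = $editionOk
        'VBS enabled and running'                   = $vbsOk
        "$RequiredKb installed"                     = $kbOk
        'Azure Arc connected'                       = $arcOk
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Prerequisite = $name; Met = $checks[$name] }
    }
}

Test-HotpatchPrerequisite | Format-Table -AutoSize
```

A VBS status of 1 (enabled but not running) is reported as not met, which is the case most likely to be missed when VBS is configured by policy but the hypervisor or firmware settings prevent it from starting.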


