Microsoft has addressed an issue where a security update unintentionally disabled hotpatching on Windows Server 2025 systems enrolled in its Hotpatch program. The disruption arose from a WSUS (Windows Server Update Services) fix for a serious vulnerability that could allow remote code execution.
Impact on Servers
The KB5070881 update inadvertently caused servers to lose their hotpatching enrollment status, which removed their ability to receive restart-free updates. Until the corrective update is fully implemented, administrators must use traditional cumulative updates, which require system restarts, through January 2026.
- The accidental disruption was due to a security patch aimed at WSUS.
- Affected systems are limited to those in the Hotpatch program.
- Standard cumulative updates are required for November and December 2025.
Microsoft's Resolution
Microsoft has issued a new update, KB5070893, to fix the issue without impairing hotpatching. This update ensures that impacted servers can again use hotpatch updates, restoring the convenience of restart-free patching. Servers that downloaded the previous update can scan for KB5070893 via Windows Update.
Additionally, Microsoft has updated synchronization error handling and addressed various unrelated issues in Windows 11 and Media Creation Tools. This comprehensive approach ensures continuity and security for enterprise environments reliant on Windows Server 2025.