Organizations gearing up for the transition to Windows Server 2025 will soon have the opportunity to enhance their security protocols through a method known as hotpatching. This innovative approach allows for the implementation of security updates directly on running processes without necessitating a system reboot.
What is Hotpatching?
Hari Pulapaka, Microsoft’s Director of Product for Windows Server, Azure Host OS & Windows CoreOS Platform, elaborated on this feature during a recent announcement. “Hotpatching has been around for years in Windows Server 2022 Azure Edition, but always required running a VM in Azure or on Azure Stack HCI. When Windows Server 2025 becomes generally available, you will be able to run the edition you want, where you want – whether on-prem, in Azure, or elsewhere,” he explained.
This flexibility means that organizations can choose to hotpatch their Windows Server 2025 installations, whether they are operating on physical servers or virtual machines. These virtual environments can be hosted on Hyper-V, VMware, or any platform that adheres to Microsoft’s Virtualization Based Security standards.
Hotpatching, which involves updating the in-memory code of active processes, significantly reduces the need for reboots. According to Pulapaka, fewer reboots translate to a lighter workload for server administrators, conserving both disk and CPU resources. This streamlined process also simplifies patch orchestration and change control, making it a valuable tool for IT teams.
“Hotpatch has been available for a few years in Windows Server 2022 Datacenter: Azure Edition; this is tried and true technology. The real change is how and where you get those security updates,” he added, highlighting the evolution of this feature.
For users of Windows Server 2025 Standard and Datacenter editions, hotpatching will be facilitated through Azure Arc. This integration allows the Windows Server internal licensing service for Hotpatch to operate, ensuring that updates are delivered seamlessly to customers.
However, it is important to note that hotpatching may not always be feasible. As such, traditional patching methods and the need for reboots will continue to play a role in system maintenance.
About Windows Server 2025
Currently in its Preview phase, Windows Server 2025 is set to be finalized and released by the end of 2024. This latest iteration of the widely-used server operating system promises to introduce a host of new and enhanced security features. Additionally, some legacy functionalities from previous versions will be phased out or deprecated, including Windows Server Update Services, marking a significant shift in the server landscape.