Published: Aug 30, 2024
Microsoft has announced the public preview of Hotpatching support on Windows Server 2025 Evaluation virtual machines running in Azure. This new feature allows administrators to install security updates on supported VMs without system reboots.
The Hotpatch feature begins by setting a baseline with the current Cumulative Update (CU) for Windows Server. Microsoft then releases a new CU periodically to update this baseline, followed by Hotpatches for the next two months. This approach ensures systems receive the latest fixes and security patches while minimizing downtime and disruption.
“Hotpatches contain updates that don’t require a reboot. Because Hotpatch patches the in-memory code of running processes without the need to restart the process, your applications are unaffected by the patching process. This action is separate from any potential performance and functionality implications of the patch itself,” Microsoft explained.
Microsoft highlighted several benefits of Hotpatching for supported virtual machines. With Hotpatching, VMs need to install fewer binaries, resulting in smaller and quicker updates that use less storage space and processing power.
Hotpatching also enables security updates to be applied without restarting the VMs, allowing IT admins to protect systems against vulnerabilities more quickly and without downtime. Administrators can use tools like Azure Update Manager to streamline the management and deployment of patches across multiple systems.
To get started with Hotpatch, IT admins will need to create an Azure or Azure Stack HCI VM and then choose one of the following VMs:
Microsoft notes that updates not covered by the Hotpatch program may still require a reboot. This includes non-security updates for Windows, .NET updates, and other non-Windows updates. Moreover, IT admins will need to reboot the VMs after installing a new baseline.
Microsoft also warns that automatic rollback is not supported for Hotpatch or Baseline updates. If a VM encounters issues during the update process, administrators will need to manually uninstall the latest patch.
Keep in mind that the Hotpatching feature will no longer be supported on these preview images once it becomes generally available. It will be available only for Windows Server 2025 Azure Edition SKUs and the current Windows Server 2022 Azure Edition.