Microsoft has announced that Hotpatching is now available in public preview for Windows Server 2025, enabling the installation of security updates without requiring restarts. This feature allows for faster installs and reduced resource usage, resulting in lower workload impact and improved security protection.
Hotpatching deploys Windows security updates by patching the in-memory code of running processes without restarting them after each installation. This reduces the time exposed to security risks and simplifies change control.
The new Hotpatching feature is available through Azure Arc, allowing customers to run the Windows Server internal licensing service for Hotpatch and deliver updates. When Windows Server 2025 becomes generally available, users will have the option to hotpatch physical servers or virtual machines, which can run on Hyper-V, VMware, or other platforms that support Microsoft’s Virtualization-Based Security standard.
To enable Hotpatching on Windows Server 2025 Datacenter and Standard edition evaluation machines, customers need to enroll through the built-in Azure Arc agent setup included in Windows Server 2025 evaluation, enable the Hotpatch preview, and meet certain prerequisites. These include installing the KB5040435 July Security update, enabling Virtualization-Based Security, and connecting the machine to Azure Arc.
Overall, this feature aims to simplify patch management and reduce downtime for customers, ultimately improving their overall security posture.
Source: https://www.bleepingcomputer.com/news/microsoft/windows-server-2025-hotpatching-in-public-preview-installs-security-updates-without-restarts/