Elite Enterprise Software Logo
My account linkPress to access My account
4.8
rating on Trustpilot

Activating Hotpatching in Windows Server 2025

activating-hotpatching-in-windows-server-2025

Windows Server 2025 introduces a groundbreaking feature called Hotpatching, allowing administrators to apply critical security updates to servers without the need for a restart. Available in both the Standard and Datacenter editions, Hotpatching works in on-premises environments, the Azure cloud, and virtual machines running on VMware or Hyper-V—provided Virtualization-Based Security (VBS) is supported.

What is Hotpatching?

Hot patching is an advanced method of applying updates by modifying the in-memory code of running processes. Unlike traditional update methods, which require a system restart to replace files in use, Hotpatching ensures that security patches are applied without interrupting server operations. By directly updating the running processes, Hotpatching reduces downtime and ensures continuous service availability.

Hot patching in Windows Server 2025 only applies to security-relevant components, making update packages smaller and more efficient. This minimizes the impact on CPU and storage resources, providing faster installation times and enhanced performance.

Benefits of Hotpatching

The advantages of Hotpatching are clear and impactful:

  1. Minimal Downtime: No restarts are needed, ensuring uninterrupted server performance.

  2. Improved Security: Security patches are applied immediately, reducing the risk of exposure and eliminating the need for long maintenance windows.

  3. Streamlined Maintenance: Hotpatching simplifies the planning and execution of system updates, making them faster and easier to implement.

Requirements for Hotpatching

For Hotpatching to function, several prerequisites must be met:

  • Supported Editions: Hotpatching is supported exclusively on the Standard and Datacenter editions of Windows Server 2025.

  • Stable Internet Connection: A reliable internet connection is necessary to access Microsoft’s update servers.

  • Azure Arc Integration: The server must be connected to Azure Arc for the management of Hotpatch updates.

  • Virtualization-Based Security (VBS): VBS must be enabled on the system, as it creates a secure environment for critical processes and data.

VBS uses hardware-based virtualization to isolate system components, preventing unauthorized access and safeguarding the server from potential threats or malware.

How to Enable Hotpatching in Windows Server 2025

Step 1: Connect to Azure Arc

If your server isn't already connected to Azure Arc, follow these steps:

  1. Sign in to the Azure Portal: Access your Azure account credentials.

  2. Add Azure Arc for Servers: Navigate to Azure Arc > Servers and click + Add.

  3. Download the Installation Script: Get the script that will connect your server to Azure. Alternatively, use the Windows Server 2025 setup assistant for a direct connection.

  4. Run the Script: Execute the script on your server to establish a connection to Azure Arc.

  5. Verify the Connection: Confirm that your server appears under Azure Arc in the Azure portal.

Step 2: Enable Hotpatching

Once your server is connected to Azure Arc:

  1. Open Azure Update Manager and navigate to Overview.

  2. Select your server and enable Hotpatching (Preview).

  3. Ensure your server has the necessary license and save the configuration.

Troubleshooting Hotpatching Activation

If Hotpatching doesn’t activate, the issue might lie in one of the following areas:

  • Azure Arc Connection: Verify that your server is connected to Azure Arc and that your internet connection is active.

  • VBS Activation: VBS should be enabled by default in Windows Server 2025, but you can check its status by running the systeminfo command. If VBS is not enabled, use the following Group Policy setting to turn it on:

    • Navigate to Computer Configuration > Administrative Templates > System > Device Guard.

    • Enable Turn On Virtualization Based Security.

Verifying Hotpatch Updates

To check if Hotpatching is working:

  1. Go to Settings > Windows Update > Update History.

  2. Look for updates labelled as Hotpatch to confirm that Hotpatching updates have been applied.

Hotpatch Update Strategy

Windows Server 2025 follows a quarterly update strategy:

  1. Quarterly Major Updates: At the start of each quarter—January, April, July, and October—servers will receive a comprehensive update that includes security patches, new features, and improvements, along with a restart.

  2. Hotpatch Updates: In the two months following the major quarterly update, only security updates will be provided, ensuring that no restart is necessary. These Hotpatch updates ensure that servers stay secure without downtime.

By following this strategy, the number of required system restarts is reduced from 12 to just 4 annually, with an additional 8 Hotpatch updates throughout the year.

Conclusion

Hot patching in Windows Server 2025 is a game-changer for administrators and IT professionals, streamlining the update process while reducing downtime and improving security. With Hotpatching, security updates can be applied swiftly and efficiently, ensuring systems remain protected without the need for frequent restarts. This innovation makes it easier than ever to maintain secure, high-performing servers with minimal disruption to critical business operations.


We use cookies to ensure you get the best experience on our website. Cookies are used (but not limited to) for ads personalisation and analytics. By clicking 'Accept All', you consent to our use of cookies in accordance with our Privacy Policy. You can remove your consent at any time via our Cookie Policy. By visiting our site or clicking 'Accept All', you also agree to our Terms and Conditions.