Windows Server 2025 introduces a game-changing feature for IT professionals: Hotpatching. This innovation allows you to apply critical security updates without rebooting your servers—dramatically reducing downtime and improving operational continuity.
Whether you’re managing VMware clusters, deploying hybrid cloud workloads, or automating patching pipelines in DevOps, Hotpatching is a must-know capability.
What Is Windows Server Hotpatching?
Hotpatching is a method of applying security updates directly to the in-memory code of running processes—without restarting the OS or the application. This means:
- No reboots for most monthly updates
- Faster patch deployment
- Reduced workload disruption
- Improved uptime for mission-critical systems
According to Microsoft Learn, Hotpatching is available for Windows Server 2025 Datacenter: Azure Edition and Core Edition, and is supported on Azure VMs, Azure Arc-connected machines, and VMware environments that support Virtualization-Based Security (VBS).
How Hotpatching Works
Hotpatching follows a baseline + delta model:
- Baseline: Every quarter (January, April, July, October), a cumulative update is applied with a reboot.
- Hotpatches: For the next two months, Microsoft releases in-memory patches that don’t require reboots.
This reduces the number of planned reboots from 12 to just 4 per year—ideal for high-availability clusters, production workloads, and DevOps CI/CD pipelines.
Prerequisites for Enabling Hotpatching
To use Hotpatching in Windows Server 2025, you’ll need:
- Windows Server 2025 Datacenter or Standard Edition
- Azure Arc connectivity (for on-prem or hybrid servers)
- Internet access to reach Microsoft Update
- VMware, Hyper-V, or bare-metal support with VBS enabled
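The prerequisites above can be checked on an on-prem or hybrid server before enrollment. The following read-only PowerShell function is an added example, not Microsoft's or this article's own tooling. It assumes the OS caption contains the edition name and that the Azure Arc agent runs as the `himds` service; the function name and the optional `-UpdateHost` parameter are hypothetical.

```powershell
# Added example: read-only readiness check for the prerequisites listed above.
# Assumptions: OS caption strings, and 'himds' as the Azure Arc agent service name.
function Test-HotpatchPrerequisite {
    [CmdletBinding()]
    param(
        # Optional: update endpoint host name to probe on TCP 443 (you supply it).
        [string]$UpdateHost
    )

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # VBS state: 0 = not enabled, 1 = enabled but not running, 2 = running.
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
            -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction SilentlyContinue
    $vbsRunning = ($null -ne $dg) -and ($dg.VirtualizationBasedSecurityStatus -eq 2)

    # Azure Arc connectivity: the Connected Machine agent service must be running.
    $arc = Get-Service -Name 'himds' -ErrorAction SilentlyContinue
    $arcRunning = ($null -ne $arc) -and ($arc.Status -eq 'Running')

    # Network check runs only when a host name is given; $null means "not tested".
    $updateReachable = $null
    if ($UpdateHost) {
        $updateReachable = Test-NetConnection -ComputerName $UpdateHost -Port 443 `
                             -InformationLevel Quiet -WarningAction SilentlyContinue
    }

    $result = [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        OsCaption       = $os.Caption
        IsServer2025    = $os.Caption -match 'Windows Server 2025'
        EditionListed   = $os.Caption -match 'Datacenter|Standard'
        VbsRunning      = $vbsRunning
        ArcAgentRunning = $arcRunning
        UpdateReachable = $updateReachable
    }

    # Ready only if every prerequisite that was actually tested passed.
    $failed = $result.PSObject.Properties |
        Where-Object { $_.Value -is [bool] -and -not $_.Value }
    $result | Add-Member -NotePropertyName Ready `
        -NotePropertyValue (@($failed).Count -eq 0) -PassThru
}

Test-HotpatchPrerequisite | Format-List
```

A `VbsRunning` value of `False` on a virtual machine usually points at the hypervisor or VM configuration rather than the guest, so check the host-side VBS settings before changing anything in Windows.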