Microsoft Explains How Windows Server Hotpatching Works

Last year, Microsoft described its work on hotpatching for Windows, which applies updates on the fly and removes the need to restart systems to install them. A new blog post on the Microsoft Tech Community website announces the introduction of Hotpatching support in Azure Automanage for Windows Server. Microsoft recently released Windows Server 2022.

Hotpatching offers several advantages over traditional means of installing updates on Windows machines. Microsoft highlights the three main benefits in the blog post:

  • Fewer restarts, which improves availability.
  • Faster deployment, as update packages “are smaller, install faster, and have easier patch orchestration.”
  • Improved protection, as security updates can be installed immediately instead of scheduling a reboot.

Hotpatching works by “establishing a baseline with a latest cumulative update from Windows Update”, according to Microsoft. The company plans to periodically release patches that build on this baseline, and these updates will not require a reboot. The baseline itself is also refreshed periodically with a new cumulative update.

Windows Server Hotpatching

Patches could be released every Patch Tuesday (once a month) and new baselines could be released every three months. Ideally, servers should be restarted four times a year, when new baselines are applied.

Microsoft distinguishes between planned and unplanned baselines. Planned baselines are released at a regular cadence to move the system to a new baseline. Patches can then be installed between these planned baseline releases.

Unplanned baselines are needed to patch systems if hotpatching cannot be used for a particular patch. Microsoft mentions patches for 0-day vulnerabilities in particular. These unplanned baseline releases require a restart and include all content from the latest Cumulative Update.

Updates can be installed outside of the Hotpatch program according to Microsoft, but this requires disabling and unregistering hotpatching to return to the default update behavior for Windows Server. Re-registration is possible at any time.

The rest of the announcement offers implementation details for server administrators.

Closing words

Hotpatching improves Windows Server availability by reducing the number of update-related restarts over time. Additionally, security updates deployed via hotpatching are applied immediately instead of requiring a reboot (immediate or scheduled); this reduces the time the machine is vulnerable to potential attacks targeting the vulnerability.

Microsoft is working to bring hotpatching functionality to a “wider set of Windows clients”. It’s unclear if this will include consumer versions of Windows.

Now you: what do you think of hotpatching? Would you use it? (via Deskmodder)

Author

Martin Brinkman

Editor

Ghacks Technology News
