Windows 11 24H2 Might Support Hotpatching; No More Restarts

Hotpatching is a method to install software updates without starting the device or causing any downtime.

At the moment, when you install a Windows feature or security update, it requires a system restart to finalize the installation. If an OS build upgrade is involved, the build number changes after the system has been rebooted. Soon, this will no longer be the case.

Microsoft is testing Windows hotpatching – which is the ability of the Windows operating system to install updates without asking for a restart. This testing has begun for the Windows Insiders with the Windows 11 Build 26058 on the Dev and Canary channels which applies to Windows 11 24H2 – the upcoming feature update for Windows 11.

After installing the update through Windows Update, the build information changes to “ge_release_svc_hotpatch_prod1.240211-0859” without a system restart.

Hotpatching is nothing new for system administrators since Microsoft had already introduced hotpatching to the Azure versions of Windows Server 2019 and Server 2022. However, the concept is still new to the Windows client users.

How hotpatching works

Hotpatches include updates that do not require a reboot. The updates are installed like regular updates, and take effect without the need for a system restart.

The following is how Microsoft explains hotpatching works:

It works by patching the in-memory code of running processes without the need to restart the process.

Microsoft Learn

This means that the changes are made where required, including the processes running in the memory at the very moment the hotpatch is installed. Since the changes are made in the memory directly, the system does not need to restart to fetch new information from the system’s storage.

That said, the ability to hotpatch Windows 11 does not absolve it from not restarting at all. This is what Microsoft has to say:

Hotpatch works by first establishing a baseline with the current Cumulative Update. Periodically, the baseline is refreshed with the latest Cumulative Update, then hotpatches are released for two months following.

Microsoft Learn

This means that Microsoft will roll out monthly security updates through hotpatches. However, every few months, Microsoft will roll out security baselines, or core updates, installing which will require a system restart.

Regardless, this will impact the end Windows users significantly and not force them to restart critical production machines every so often.

Requirements for Windows 11 hotpatching

At the moment, there is only one requirement for hotpatching to work on Windows 11 – Virtualization Based Security (VBS) must be enabled.

To enable VBS, use these steps:

1. Press the Windows Key + R to open the Run Command box.

2. Type in “gpedit.msc” and press Enter to open the Group Policy editor.

3. Navigate to the following from the left pane:

   Local Computer Policy >> Computer Configuration >> Administrative Templates >> System >> Device Guard

4. Double-click the policy “Turn On Virtualization Based Security.”

   

5. Select Enabled and leave the other settings to default.

6. Click Apply and OK.

   

7. Now open the Command Prompt and run the following cmdlet to implement the changes:

   GPUpdate /Force

   

After performing the steps above, Virtualization Based Security will be enabled, and you should now be able to install hotpatches from Microsoft, including Windows 11 Insider Preview Build 26058.

Takeaway

Windows hotpatching is a great way to install Windows updates, especially on devices that do not afford any downtime, like development and production devices hosting apps, etc. Moreover, the regular Windows 11 users will not be interrupted by a “Restart your PC” notification when a cumulative update is installed in the background.

That said, Microsoft is yet to comment on the much-anticipated hotpatching feature on Windows 11. Speculations are that it will be introduced with Windows 11 24H2, but the reports are still unconfirmed.