Microsoft is working on a way to reduce the number of mandatory reboots associated with Windows security updates.
This development involves hotpatching, which allows the installation of security patches without requiring a system restart.
What Is Hotpatching?
Hotpatching is a technique that lets the operating system apply updates without requiring a reboot.
It patches the in-memory code of running processes without disrupting your active applications.
This allows security updates to be installed seamlessly, enhancing security while minimizing interruptions.
Windows 11 and Hotpatching
Microsoft is currently testing this feature in Windows 11 preview build 26058.
PCs with Virtualization Based Security (VBS) enabled can apply these updates without requiring a reboot.
Even though your Windows PC runs on physical hardware, enabling VBS places a virtualization layer between the OS and the hardware, isolating the OS from the rest of the machine.
This isolation ensures that hotpatching can still work seamlessly.
VBS is automatically enabled on any Windows 11 PC that meets the operating system’s install requirements.
The goal is to make it easier for users to stay up-to-date without disrupting their workflow.
While you’ll still need to reboot occasionally, this is a significant improvement over the current situation.
Unanticipated zero-day patches may still require more frequent reboots.
For x86 processors, Microsoft plans to roll out hotpatching as part of Windows 11 24H2 in the second half of 2024, so it will initially be available for x86-64 systems (your typical Intel/AMD PCs).
Arm-based versions of Windows 11 won't receive this feature until about a year from now, but ARM64 devices won't be left out: they'll likely receive hotpatching support in 2025.
Overall, hotpatching aims to reduce the annoyance of unexpected reboots, allowing you to continue your tasks without unnecessary interruptions. It is an improvement to watch for in future Windows updates.
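To see where a given PC stands against the conditions named above (VBS running, build 26058 or later, x86-64), the following PowerShell check can be run locally. It is an added example, not Microsoft's code or an official eligibility test: the thresholds are taken from this article, and the function name Get-HotpatchPrerequisite is hypothetical.

```powershell
# Added example: reports the hotpatch conditions this article names.
# Thresholds are assumptions taken from the article, not a Microsoft spec.
$MinPreviewBuild = 26058      # preview build the article says carries the feature
$FirstWaveArch   = 'AMD64'    # x86-64; the article places ARM64 support later

# Meaning of Win32_DeviceGuard.VirtualizationBasedSecurityStatus
$VbsText = @{ 0 = 'Disabled'; 1 = 'Enabled, not running'; 2 = 'Running' }

function Get-HotpatchPrerequisite {
    [CmdletBinding()]
    param()

    # Query VBS state; leave it as $null (reported as Unknown) if the class is unavailable
    $vbsStatus = $null
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
        $vbsStatus = [int]$dg.VirtualizationBasedSecurityStatus
    } catch {
        Write-Warning "Could not query Win32_DeviceGuard: $($_.Exception.Message)"
    }

    $build = [System.Environment]::OSVersion.Version.Build
    # Reflects the PowerShell process: a 32-bit shell on a 64-bit OS reports x86
    $arch  = $env:PROCESSOR_ARCHITECTURE

    $vbsLabel = if ($null -ne $vbsStatus -and $VbsText.ContainsKey($vbsStatus)) {
        $VbsText[$vbsStatus]
    } else {
        'Unknown'
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Build          = $build
        BuildOk        = $build -ge $MinPreviewBuild
        Architecture   = $arch
        ArchitectureOk = $arch -eq $FirstWaveArch
        VbsStatus      = $vbsLabel
        VbsOk          = $vbsStatus -eq 2   # enabled in policy but not running does not count
    }
}

$result = Get-HotpatchPrerequisite
$result | Format-List
if (-not ($result.BuildOk -and $result.ArchitectureOk -and $result.VbsOk)) {
    Write-Warning 'At least one condition named in the article is not met on this PC.'
}
```

A VbsStatus of "Enabled, not running" usually means VBS is configured but the firmware virtualization features are switched off, which is worth checking before assuming a machine will stop needing reboots.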