The last month has not been very successful for Microsoft in terms of ensuring the security of the most popular computer OS. One of the recent updates added an empty inetpub folder to the system disk. At first, there were many tips on how to remove it, but only later did Microsoft warn that deleting this folder can make the system vulnerable to attacks. As it turned out later, this very folder actually opened the way to another type of hacker attack. And here’s a new controversial topic regarding OS updates — paying for a monthly subscription to so-called «hot patches» without having to reboot the system.
A few weeks ago, Microsoft announced that it was working on the possibility of installing security updates without restarting the computer. Such updates are downloaded in the background and applied directly to the RAM of active processes. Initially, this feature could only be used in Windows 11 Enterprise version 24H2 for devices with x64 (AMD/Intel) processors managed through Microsoft Intune. Now it has been announced that this feature will be available in Windows Server 2025 on July 1.
«Hot Patches» are especially useful in a server environment, because the fewer reboots, the more servers are available for useful work. In addition, smaller packages allow for faster installation of updates, and updates can be managed through Azure Update Manager. But most importantly, it reduces the «vulnerability window», which is the period when a system already has a vulnerability but has not yet been updated. This is especially critical when administrators postpone updates to avoid rebooting servers immediately after patches are released.
However, this big barrel of honey was not without a fly in the ointment. Microsoft has announced that starting July 1, «hotfixes» for Windows Server 2025 will become a paid feature on a subscription basis. And here’s the main thing — the cost will be $1.50 per processor core per month. Yes, it’s per core, not per server. Given that servers can contain many processors, each of which can have dozens or even more than a hundred (AMD EPYC contains up to 128 cores) of CPU cores, the amount for the update can be quite large. The good thing is that this feature is optional, so each administrator will decide for himself whether it’s worth the cost.
It’s also worth noting that even with «hot patches», server reboots are unavoidable. According to Microsoft, even with «hot patches», you will need to reboot servers about 4 times a year to install basic updates. But in the rest of the months, it greatly simplifies security maintenance, in particular during traditional «Patch Tuesday» updates.
Source: forbes