Windows Security Patches Won't Need Reboot

By John Lister

Windows 11 users may soon be able to install updates without needing to reboot their computers. The "hotpatch" system will initially debut for business users.

The idea of a Windows update without a reboot isn't new but has previously only been available for Windows Server and Datacenter versions, where even a brief period offline during a reboot can be problematic. (Source: techradar.com)

The new hotpatch system will initially be available for Enterprise users of Windows 11 (if already updated to the 24H2 version), covering both the outright purchase and 365 subscription models. Users will need to opt in to the system.

Quarterly Reboots Needed

It's not strictly an end to rebooting, and there is one drawback. Opted-in users will get updates in January, April, July and October that will include the latest security patches plus any features and enhancements released in the previous three months. These updates will still need a full reboot to take effect. (Source: microsoft.com)

In all other months, users will get the "hotpatch", which includes all the latest security fixes. This will take effect immediately without any interruption or need for a reboot. Hotpatches work by updating the code in the computer's memory, so the fixes take effect immediately, while the permanent change to the code in Windows itself can wait until the next reboot.

Home Users In Dark

Microsoft believes convenience and security are interlinked with the changes. Businesses often find the need to reboot work computers for an update problematic given both the interruption to specific devices and the way some computers will rely on other machines being online to work fully.

However, IT staff delaying updates until the most convenient schedule for work could mean computers are exposed to attacks for longer. That's particularly risky just after a Microsoft security patch when hackers may become aware of a particular vulnerability and immediately target it. Unfortunately there's no word at all from Microsoft about if or when a similar function will come to home users.

What's Your Opinion?

Do you find having to reboot to install an update a problem? Would you use hotpatching if it was available? Will this boost security as hoped?


Comments

Dennis Faas

Far as I know, the reason why reboots are necessary is due to the use of Dynamic Link Libraries (DLLs), which are shared amongst multiple programs and processes, some of which are used by the operating system itself. Hence, the only way to update the system without breaking it is during a reboot when the DLLs aren't being used.

Hobbster

That is my understanding too. It makes you suspect that the security patches may or may not pack the punch truly needed to protect business systems if it can't patch the DLLs the OS is using for 3 months. Hackers are going to be aware of this and what's going to stop them from making a concerted effort to break into some banking system's computers or some high-end business' system? Surely MS has considered all this in producing this plan. We'll see if it actually comes to fruition.