Microsoft’s Pay-to-Patch Plan: Windows Server 2025 Security Updates Now Behind a Paywall
Microsoft is changing the game for Windows Server 2025 users. Get ready to open your wallets, because starting July 1st, applying those crucial security updates without a reboot will cost you. The tech giant is implementing a subscription-based model for its hotpatching feature, previously available in preview, setting the price at $1.50 per core per month. This decision is sparking debate, with some questioning whether essential security measures should come at an extra cost.
What is hotpatching? It's a technique already popular among Linux kernel, VMware, and Xen hypervisor users, allowing software updates to be applied without requiring a system reboot. For admins, this means avoiding dreaded downtime and implementing security fixes quickly and efficiently.
According to a post by Windows Server Product Marketing Manager Janine Patrick and Senior Program Manager Artem Pronichkin, this service aims to deliver eight hotpatches each year. The cycle involves a three-month pattern: one month of baseline updates requiring a reboot, followed by two months of hotpatches. Baseline months are scheduled for January, April, July, and October. Microsoft also notes that, on rare occasions, a non-hotpatch update might be necessary during a hotpatch month, necessitating a reboot.
Microsoft argues that hotpatching reduces the “window of vulnerability,” preventing admins from delaying updates and restarts after a security patch release. They also emphasize that this feature can save significant time and alleviate the inconvenience of traditional 'Patch Tuesday'.
Who gets it for free? Hotpatching will continue to be available at no cost for Azure Editions of Windows Server.
The Catch: Azure Arc Management Required
To utilize hotpatching, Windows Server 2025 machines need to be managed by Azure Arc, though Microsoft assures that using Arc for this purpose won't incur additional costs.
The controversy builds. This move by Microsoft mirrors a similar situation with detailed logs, where paying for access has drawn criticism. Some security experts argue that essential security features are becoming premium add-ons, potentially leaving those who don't pay extra at a disadvantage.
This new policy is not mandatory. Users can continue to receive software updates on the regular schedule, but those wanting zero-downtime security will incur extra charges.
As Kurt Mackie at RedmondMag notes "Hotpatching, Microsoft said, will still require a Windows Servers restart about four times yearly for baseline updates, but adds that hotpatching can save significant time and ease the inconvenience of a traditional Patch Tuesday."
What do you think? Will you be willing to pay for non-disruptive security patches, or will you stick with the traditional update schedule? Let us know in the comments below.
