"Hotpatching" to apply updates without restarting the OS - Yoshikazu Akutsu's Windows Weekly Report

Windows Server 2022 Azure Edition Description

As Windows users know, updates that are required to be applied once a month or more are, frankly, a cumbersome existence. Still, considering the main purpose of fixing bugs and fixing security holes, I have no choice but to apply it. In the case of a company, it is necessary to conduct a preliminary survey of the scope of impact of the target update program and decide whether or not to distribute it within the organization. General users will have to restart their PCs or experience downtime, and for organizations it will lead to an increase in the amount of work.

Putting aside the burden on the organization, the problem is restarting the PC. In my case, press conferences and other events have gone online due to the corona crisis, and text editors, image processing applications, and recording systems are always running. After restarting the OS, all apps must be restarted manually, and that's exactly what the batch file is needed for. In any case, I always run a Windows PC and do some work every day, but restarting my PC once a month is depressing.

You may be wondering why Windows needs to be restarted after applying the update. Simply put, the targets for applying various updates are kernel mode (ring 0), which targets kernel modules and device drivers, which are the heart of the OS, and user mode (ring 3), which targets normal applications and modules. can be separated. Updates that fix bugs in Explorer, for example, are the latter. When applying an update that modifies kernel mode related modules that cannot be unloaded from memory, the PC must be restarted.

According to Microsoft's commentary, Hotpaching is a function that changes the code to be modified on-the-fly (direct writing). It prepares a Hotpaching table that includes the Hotpaching engine version of the target OS, table size, patch order number, etc., and modifies the module containing the target code. It supports the x64/ARM architecture and has long been used in some of the virtual machines running in Microsoft Azure.

For more information on Hotpaching, please see the explanation on the official blog, but unfortunately it is provided as a function of Windows Server 2022. The official document also states that Windows Server 2022 Datacenter: Azure Edition is the target OS. Strictly speaking, it also applies to Windows Server 2019 running on Microsoft Azure. In addition, whether the name is not fixed, we call it "Azure Automanage" here. In any case, Windows 10 and Windows 11 that we usually use cannot benefit from Hotpatching. I would like to expect that Windows 11 Enterprise running on Microsoft Azure will be supported first, and eventually Windows 11 on the endpoint will be implemented.

An IT writer born in 1972. After working as an editorial staff for various PC magazines such as general PC magazines, DOS/V magazines, and Windows magazines, he became independent. While loving Windows and Linux, he has written many PC-related books. In recent years, not only BtoC but also BtoB solutions coverage and interviews are the main battlefield. I have been taking it every day without setting a liver-free day, but the γ-GTP level has increased sharply, and urgent action is required.