Windows Server 2022 Hotpatching Extended to October 2027

Did Microsoft really extend Windows Server 2022 hotpatching to October 2027?

Yes. In late June 2026, Microsoft confirmed that hotpatching for Windows Server 2022 Datacenter: Azure Edition will keep running through October 2027 — a full year past the platform's mainstream support cutoff of October 2026. The change took effect immediately, and the existing monthly security-update cadence stays exactly the same.

The detail that trips people up is right there in the edition name. This extension applies only to Azure Edition machines that are already enrolled in hotpatch updates. Run Windows Server 2022 Standard, Datacenter, or Essentials on a normal box and you keep getting security patches until extended support ends on October 14, 2031 — but you do not get hotpatching past October 2026. The reboot-free benefit is the thing being extended, not the patches themselves.

For anyone running websites, that distinction matters more than the headline. Hotpatching is, at heart, an uptime feature. So the real question isn't “did the date move” — it's “does my server actually qualify, and if not, what's the equivalent?”

What hotpatching actually does for your server

Normal Windows patching is a two-step ritual: install the update, then reboot so the new code loads. The reboot is the painful part. Every restart is a maintenance window, a few minutes of downtime, and a small risk that something doesn't come back up cleanly. On a busy web server, those windows add up.

Hotpatching skips the reboot for most months. It applies security fixes directly to the in-memory code of running processes, so the patched code takes effect without restarting the service or the machine. Microsoft's own framing is blunt about why this matters: applying updates to running processes “helps maintain uptime, reduces servicing disruptions, and shortens the time it takes to respond to vulnerabilities.”

The cadence works in three-month cycles. One baseline month ships a full cumulative update and needs a reboot; the next two months ship hotpatches with no reboot. The four baseline months are January, April, July, and October. Net result: up to eight hotpatches a year and roughly four planned reboots instead of twelve.

Hotpatching is not a free pass on every reboot. Security updates go in live, but non-security updates and non-Windows components like the .NET runtime still arrive through the regular channel and still require a restart.

So you get faster vulnerability response and far fewer maintenance windows — but you should still plan for a quarterly reboot and the occasional out-of-band restart. Anyone who tells you a hotpatched server never reboots is overselling it.

The catch: which editions actually qualify

This is where most write-ups gloss over the important part. The extension is narrow. Here's who gets what after October 2026:

Two things jump out. First, hotpatching for Windows Server 2022 Azure Edition has been available since February 2022 and remains included for qualifying machines — no new fee was attached to this extension. Second, the newer Windows Server 2025 moved hotpatching to a paid subscription: as of July 1, 2025, on-premises and non-Azure hotpatching costs about $1.50 per CPU core per month through Azure Arc. On a 16-core box that's roughly $288 a year just to avoid reboots.

That pricing shift is the quiet story here. The 2022 extension buys breathing room on a benefit that, going forward, Microsoft increasingly treats as a paid add-on rather than a default.

What this means if you run a Windows VPS or dedicated server

Most Windows hosting in the wild is not Azure Edition. If your site runs on a Windows VPS or dedicated server from a typical hosting provider, you're almost certainly on Standard or Datacenter — which means this extension changes nothing for you directly. Your patches keep coming until 2031; your reboots keep coming monthly.

That's not a crisis, but it is a planning input. A few practical takeaways:

• Confirm your edition before you assume you're covered. Run winver or check your provider's panel. “Windows Server 2022” alone doesn't tell you whether hotpatching applies.
• Treat reboots as a scheduling problem, not an emergency. Pick a low-traffic window, automate the restart, and use a status page so visitors aren't guessing.
• Weigh the cost of reboot-free patching honestly. If a few minutes of monthly downtime genuinely hurts your business, the Windows Server 2025 subscription or an Azure-hosted Edition may be worth it. For most blogs, brochure sites, and small apps, it isn't.
• Ask whether you even need Windows. If your stack isn't tied to IIS, MSSQL, or .NET Framework, a Linux host is usually cheaper, lighter, and gives you reboot-free patching for free (more on that next).

Why uptime is a hosting decision, not just an OS feature

Reboot frequency is only one piece of real-world uptime. Your provider's network, hardware redundancy, and how quickly they respond to incidents matter just as much as the patch model. A privacy-forward host like LaunchPad Host runs Linux VPS and dedicated plans where live kernel patching is standard, so the reboot-free advantage Microsoft now reserves for Azure customers comes baked in — without an Azure bill or a per-core surcharge.

Linux live patching: the reboot-free option for everyone else

Here's the information gap most coverage leaves open: the Linux world has had reboot-free patching for years, and it's available far more broadly than Windows hotpatching. If avoiding restarts is your goal, you don't need Azure Edition — you need a Linux server with live patching enabled.

The kernel-level tools cover the part that normally forces the most disruptive reboots:

• Canonical Livepatch — free for up to a handful of machines on Ubuntu LTS, applies critical and high-severity kernel CVE fixes with no reboot.
• KernelCare / TuxCare — a paid, distro-agnostic service popular with hosting providers; patches the running kernel on CentOS, AlmaLinux, Rocky, Debian, Ubuntu, and more.
• kpatch and Oracle Ksplice — the underlying live-patching mechanisms used across Red Hat–family and Oracle Linux systems.

The honest caveat is the same as on Windows: live patching covers the kernel and key libraries, not every package. A glibc or OpenSSL update may still call for a service restart, and a major version upgrade still means a reboot. But for the steady stream of kernel CVEs that would otherwise demand emergency restarts, live patching closes the window between “fix released” and “fix applied” — which is exactly the security win Microsoft is selling with hotpatching.

If you're choosing a host with uptime in mind, ask directly: do you offer live kernel patching, and is it included or extra? The answer tells you a lot about how seriously a provider takes both security and availability.

How to plan your hosting around patch cadence

Strip away the headline and the practical playbook is short. Match your patch strategy to how much downtime your site can actually tolerate, then pick the OS and host that deliver it without overpaying.

• Low-stakes site (blog, portfolio, brochure): a brief monthly maintenance window is fine. Don't pay for reboot-free patching you won't notice missing. A well-run Linux VPS with Livepatch already gets you most of the benefit at no cost.
• Revenue-sensitive site (store, SaaS, busy community): minimize reboots. On Linux, enable live kernel patching; on Windows, either move to an Azure Edition / WS 2025 hotpatch subscription or build real redundancy so a single reboot never takes you offline.
• Privacy- or jurisdiction-sensitive workload: factor in where the server lives alongside how it's patched. Offshore and privacy-focused hosting keeps you compliant with legitimate goals — free speech, data protection, lawful content — while still giving you modern security hygiene.

Whatever you run, the underlying principle holds: security updates should be applied fast, and downtime should be rare and scheduled. Microsoft extending Windows Server 2022 hotpatching to October 2027 is a reminder that reboot-free patching has become a baseline expectation, not a luxury. If your current host can't tell you how they handle kernel updates and reboots, that's worth fixing.

LaunchPad Host builds offshore, privacy-forward Linux hosting around exactly that expectation — live-patched servers, crypto-friendly billing, and domains under one roof — so you get the uptime benefits of modern patching without tying your site to a single cloud vendor's roadmap.