Patch management is a key technology for maintaining security in IT systems. However, the patching operation itself can be a target of exploitation. The patch management software can expose the system to additional risk, and the process might also require system downtime. The patch or update must be applied by a trusted, privileged entity that is free from tampering or exploitation, especially in a virtualized hosting environment where virtual machines (VMs) run on top of a hypervisor. To address this critical need, IAI, along with Purdue University, proposes to build the Versatile Live Patching System (VLPS), a framework of tools that matches mission patching or updating requirements with a stealthy yet privileged patch deployment approach. The VLPS can patch or update a target system with new code or data for its software. It provides patching services from a hypervisor to a guest VM without special support from the guest VM. It can operate at two levels of execution: the guest kernel, and guest applications running in the guest VMs. VLPS uses three novel and different patching mechanisms to deliver the alteration. It is versatile and performs both kernel-level and user-level patching by dynamically selecting the most suited patching mechanism based on the access level required for the patch and the criticality of the mission. VLPS can operate with stealth, since the patching operations are not detectable by the guest. It is scalable, since there is no inherent limitation on the number of guests that can be patched. Further, there is no exposure of any additional attack vector to attackers targeting the VMs.