Microsoft has released an out-of-band (OOB) update, KB5064489, for Windows 11 version 24H2, addressing a critical issue that prevented certain Azure Virtual Machines (VMs) from booting when Virtualization-Based Security (VBS) was enabled. This problem primarily affected non-Trusted Launch General Enterprise (GE) VMs on older SKUs due to a secure kernel initialization issue. (learn.microsoft.com)
After installing KB5064489, systems will be updated to OS Build 26100.4656. Users can verify this by pressing Windows + R, typing "winver," and pressing Enter. This update also includes a servicing stack update (SSU), KB5063666, bringing that component to build 26100.4651. (learn.microsoft.com)
Microsoft released this OOB update outside the regular Patch Tuesday schedule due to its critical nature. The issue specifically impacted VMs using version 8.0 of VBS offered by the host, which is a non-default version, suggesting a limited number of affected users. The update aims to ensure smoother operations for businesses relying on these configurations. (learn.microsoft.com)
Microsoft has stated that there are no known issues with this update. However, as a precaution, users are advised to back up important data before proceeding with the installation. For offline machines unable to connect to Windows Update, the update is available as an offline package from the Microsoft Update Catalog. (learn.microsoft.com)
This release underscores Microsoft's commitment to promptly addressing critical issues affecting its cloud infrastructure, ensuring minimal disruption for Azure users.
Source: Neowin Windows 11 24H2 gets emergency fix (KB5064489) for Azure VM boot issues
