Microsoft has recently released an out-of-band (OOB) update, KB5064489, to address a critical issue affecting Azure Virtual Machines (VMs) running Windows Server 2025 and Windows 11 24H2. This emergency patch resolves a bug that prevented certain VMs from launching when Virtualization-Based Security (VBS) was enabled and the Trusted Launch feature was disabled.
The problem emerged following the July Patch Tuesday security updates, where VMs utilizing version 8.0—a non-default configuration—experienced startup failures due to a secure kernel initialization issue. In Azure environments, this specifically impacted standard (non–Trusted Launch) General Enterprise (GE) VMs operating on older VM SKUs. Microsoft's swift response underscores the importance of maintaining system integrity and minimizing downtime for enterprise users.
To determine if your VMs are affected, Microsoft recommends the following steps:
- Verify VM Configuration: Confirm that your VM is configured as "Standard."
- Check VBS Status: Open System Information (
msinfo32.exe) and ensure that Virtualization-Based Security is running. - Hyper-V Role: Ensure that the Hyper-V role is not installed within the VM.
This release highlights Microsoft's commitment to promptly addressing critical vulnerabilities, ensuring the stability and security of its cloud infrastructure. Administrators are encouraged to stay vigilant with updates and monitor official channels for any further developments.
Source: BleepingComputer Windows KB5064489 emergency update fixes Azure VM launch issues
Last edited:
