Microsoft has recently released an out-of-band (OOB) cumulative update, KB5061906, to address critical issues affecting Hyper-V virtual machines (VMs) running on Windows Server 2022. These issues primarily impact Azure confidential VMs, leading to unexpected freezes and restarts, thereby compromising service availability and necessitating manual intervention.

Understanding the Issue

Azure confidential VMs are designed to protect data during processing, ensuring that information remains secure not only when stored or transmitted but also while in use. However, a flaw in the direct send path for a guest physical address (GPA) within Hyper-V on Windows Server 2022 caused these VMs to intermittently stop responding or restart unexpectedly. This problem posed significant challenges for organizations relying on these VMs for secure data processing.

Microsoft's Response

In response to these disruptions, Microsoft issued the KB5061906 update, which supersedes all previous updates for Windows Server 2022. This OOB update specifically targets the identified flaw, aiming to restore stability and reliability to affected systems. Notably, Microsoft has indicated that this issue primarily affects Azure confidential VMs and is not expected to impact standard Hyper-V deployments, except in rare cases involving preview or pre-production configurations.

Deployment and Installation

The KB5061906 update is not available through Windows Update and will not install automatically on impacted servers. Administrators must manually download and install the standalone MSU package from the Microsoft Update Catalog. For environments that have not yet deployed the May 2025 Windows security update (KB5058385) and include Windows Server 2022 devices running Hyper-V, Microsoft recommends applying this OOB update instead. Organizations unaffected by this issue are advised that installation of this update is not necessary.
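A quick way to see where a host stands against the guidance above, as an added example that is not from Microsoft or the linked article. It assumes it is run locally in an elevated PowerShell session on the server; the function name and status strings are made up for illustration, and a host that already has a later cumulative update will not list either KB by ID, so treat "neither found" as a prompt to check the update history.

```powershell
# Added example: local audit against the deployment guidance in this post.
# The KB numbers are the ones named above; everything else is illustrative.
$OobKb = 'KB5061906'   # out-of-band cumulative update (manual install only)
$MayKb = 'KB5058385'   # May 2025 Windows security update

function Get-HyperVOobPatchState {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    # Windows Server 2022 reports OS build 20348; ProductType 1 is a workstation SKU.
    $isServer2022 = ($os.BuildNumber -eq '20348') -and ($os.ProductType -ne 1)

    # Get-WindowsFeature ships with the ServerManager module on Windows Server.
    $feature   = Get-WindowsFeature -Name Hyper-V -ErrorAction SilentlyContinue
    $hasHyperV = [bool]($feature -and $feature.Installed)

    # Get-HotFix errors when an ID is absent, so suppress that and keep what is found.
    $found = @(Get-HotFix -Id $OobKb, $MayKb -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty HotFixID)
    $hasOob = $found -contains $OobKb
    $hasMay = $found -contains $MayKb

    $status = if (-not ($isServer2022 -and $hasHyperV)) {
        'Out of scope: not a Windows Server 2022 Hyper-V host'
    } elseif ($hasOob) {
        "$OobKb installed"
    } elseif ($hasMay) {
        "$MayKb installed without $OobKb; install the MSU from the Update Catalog if this host is affected"
    } else {
        "Neither KB listed; guidance is to apply $OobKb instead of $MayKb (confirm no later cumulative update is present)"
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OsBuild      = $os.BuildNumber
        HyperVRole   = $hasHyperV
        HasOobFix    = $hasOob
        HasMayUpdate = $hasMay
        Status       = $status
    }
}

Get-HyperVOobPatchState | Format-List
```

To sweep several hosts, the function can be passed to `Invoke-Command -ComputerName` and the returned objects exported with `Export-Csv`.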

Historical Context

This is not the first instance where Windows Server updates have led to issues with Hyper-V VMs. In October 2023, updates caused VMs on Hyper-V hosts to fail to start, displaying "failed to start" errors. Similarly, in December 2022, cumulative updates prevented the creation of new VMs on Hyper-V hosts managed by System Center Virtual Machine Manager (SCVMM) and utilizing Software Defined Networking (SDN). These recurring issues underscore the complexities involved in maintaining and updating virtualized environments.

Critical Analysis

While Microsoft's prompt release of the KB5061906 update demonstrates a commitment to addressing critical issues swiftly, the recurrence of such problems raises concerns about the robustness of the update testing and deployment processes. Organizations relying on Hyper-V for virtualization must remain vigilant, ensuring that updates are thoroughly tested in staging environments before deployment to production systems. Additionally, the necessity for manual installation of critical updates like KB5061906 places an additional burden on IT administrators, highlighting the need for more streamlined and automated update processes.

Conclusion

The release of the KB5061906 update is a crucial step in resolving the stability issues affecting Azure confidential VMs on Windows Server 2022. However, this incident serves as a reminder of the importance of rigorous testing and cautious deployment of updates in complex virtualized environments. Organizations must balance the need for timely security patches with the potential risks of introducing new issues, emphasizing the importance of comprehensive update management strategies.

Source: BleepingComputer Windows Server emergency update fixes Hyper-V VM freezes, restart issues
 
