Windows 11 Out-of-Band Update Fixes Azure VM Startup Failures

Microsoft has rolled out an out-of-band update (KB5064489) for Windows 11 version 24H2 to fix a critical issue that prevented some Azure Virtual Machines (VMs) from booting when Virtualization-Based Security (VBS) was enabled. In addition to resolving this startup glitch, the update also includes security enhancements and improvements from the July 8 update (KB5062553).

Microsoft previously explained that the cause of the problem was caused by a secure kernel initialization issue. The secure kernel is a critical part of the VBS infrastructure that helps isolate sensitive operations from the rest of the operating system. If it fails to initialize properly, the VM can’t boot.

“This update addresses an issue that prevented some virtual machines (VMs) from starting when Virtualization-Based Security (VBS) was enabled. It affected VMs using version 8.0 (a non-default version) where VBS was offered by the host. In Azure, this applies to standard (non–Trusted Launch) General Enterprise (GE) VMs running on older VM SKUs. The problem was caused by a secure kernel initialization issue,” Microsoft explained.

How to get the out-of-band update on Windows 11?

This release also addresses an issue found in Event Viewer as Event 2042 for Windows Firewall with Advanced Security. Moreover, it fixes a bug where notification sounds didn’t play, including on-screen alerts, volume adjustments, and sign-in.

Microsoft says that the out-of-band update should be installed automatically on all Windows 11 PCs via Windows Update. However, administrators with machines that can’t connect to the internet can download this update as an offline package from the Microsoft Update Catalog.