Microsoft has launched an emergency replace to repair a bug that forestalls Azure digital machines from launching when the Trusted Launch setting is disabled and Virtualization-Based mostly Safety (VBS) is enabled.
The bug impacted Home windows Server 2025 and Home windows 11 24H2 and was launched in the course of the July Patch Tuesday safety updates.
“This replace addresses a difficulty that prevented some digital machines (VMs) from beginning when Virtualization-Based mostly Safety (VBS) was enabled,” explains Microsoft.
“It affected VMs utilizing model 8.0 (a non-default model) the place VBS was provided by the host. In Azure, this is applicable to straightforward (non–Trusted Launch) Common Enterprise (GE) VMs working on older VM SKUs.”
“The issue was attributable to a safe kernel initialization problem.”
Trusted Launch is an Azure characteristic that makes use of Safe Boot and a digital Trusted Platform Module (vTPM) to guard digital machines towards bootkits and different low-level threats.
On Sunday, Microsoft launched the KB5064489 out-of-band replace for Home windows 11 24H2 and Home windows Server 2025, which fixes the kernel initialization problem that prevented the VMs from launching.
Microsoft says that admins can decide if this bug would impression their VMs by performing these steps:
- Test in case your VM is created as “Normal”.
- Test if VBS is enabled. Open System Info (msinfo32.exe) and ensure that Virtualization-based safety is working and that the Hyper-V position is just not put in within the VM.
In case you are impacted, Microsoft recommends putting in this out-of-band replace as an alternative of the July eighth KB5062553 Patch Tuesday replace. The corporate additionally says you may forestall this problem by utilizing the Trusted Launch safety characteristic.
Microsoft has additionally up to date the Home windows Server 2025 VM pictures to incorporate the newer cumulative replace that fixes this bug.
Whereas cloud assaults could also be rising extra refined, attackers nonetheless succeed with surprisingly easy methods.
Drawing from Wiz’s detections throughout 1000’s of organizations, this report reveals 8 key methods utilized by cloud-fluent risk actors.
