Microsoft has just released an out-of-band (OOB) update, KB5064489, for Windows 11, version 24H2. This update addresses an issue that prevents some Azure Virtual Machines (VMs) from starting when Virtualization-Based Security (VBS) is enabled. The Redmond giant said this issue was affecting non-Trusted Launch General Enterprise (GE) VMs on older SKUs, due to a secure kernel initialization issue.
Once you"ve installed the KB5064489 update, your system should be on OS Build 26100.4656. You can check this by pressing Windows + R, type winver, and pressing Enter.
Microsoft decided to release this OOB update outside of the regular Patch Tuesday schedule due to its critical nature. While critical, it’s important to note that it only affected VMs using version 8.0 of VBS offered by the host, which is a non-default version, so those affected could be of a smaller number. The fix will mean smoother operations for businesses who rely on these setups to work without a hitch.
This update also bundled a servicing stack update (SSU), KB5063666, taking that component to build 26100.4651. While there’s nothing specific to mention about this bit of the update, it’s important as it allows crucial components of Windows to reliably receive and install future updates.
Topping off, Microsoft states that there are no known issues with this update, but that doesn’t mean you shouldn’t be careful because Neowin commenters frequently report issues when applying patches. It might be wise to backup any important data before doing the upgrade.
If you have any offline machines that can’t connect to Windows Update, you can download this update as an offline package from the Microsoft Update Catalog. To learn more, you can head over to the announcement on Microsoft Support and find notes for all of the previous Windows 11 updates, including the recent Patch Tuesday update that landed just last week.