32-bit Windows VMs fail to boot after Windows Security Update (CVE-2023-24932)
search cancel

32-bit Windows VMs fail to boot after Windows Security Update (CVE-2023-24932)


Article ID: 325212


Updated On:


VMware vSphere ESXi


This article is intended to describe the potential impact of the Windows Security update for CVE-2023-24932 and workarounds that are available.

On 32-bit Windows VMs with Secure Boot enabled, installing the Windows Security Update (released April 9th 2024) that makes Secure Boot changes associated with CVE-2023-24932 will result in the VM failing to boot into Windows after the update is applied and the VM is restarted. The VM will end up in the UEFI Boot Manager menu.


VMware vSphere ESXi 8.0.x
VMware vSphere ESXi 7.x


This issue is under investigation by Microsoft and VMware.

If a 32-bit Windows VM has been updated and will no longer boot, follow step 3 in the "Recovery and Restore Procedures" section of 
Security Update Validation Program guide to test PCA2011 revocation to address CVE-2023-24932.

Alternatively, disable secure boot using the steps in Enable or Disable UEFI Secure Boot for a Virtual Machine.

Note: Disabling secure boot, uninstalling the patch, and reenabling secure boot will not workaround the issue.

Additional Information

For more details see: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-2493.