VM using an x86-based processor fails to boot after Windows Security Update (CVE-2023-24932)


Article ID: 325212


Products

VMware vSphere ESXi

Issue/Introduction

  • The VM uses an x86-based processor with Secure Boot enabled.
  • Installing the Windows Security Update (released April 9th 2024) on the VM makes the Secure Boot changes associated with CVE-2023-24932.
  • After the VM is restarted with the updates applied, it fails to boot into Windows.
  • The VM ends up in the UEFI Boot Manager Menu.

Environment

VMware vSphere ESXi 8.0.X
VMware vSphere ESXi 7.0.X

Cause

  • VM using an x86-based processor with Secure Boot enabled

Resolution

  1. This issue is under investigation by Microsoft and VMware.

    Workaround:
    If a VM using an x86-based processor has been updated and will no longer boot, follow step 3 in the "Recovery and Restore Procedures" section of the Security Update Validation Program guide to test PCA2011 revocation to address CVE-2023-24932.

    Alternatively, disable Secure Boot using the steps in Activate or Deactivate UEFI Secure Boot for a Virtual Machine.

    Note: Disabling Secure Boot, uninstalling the patch, and re-enabling Secure Boot will not work around the issue.

Additional Information