Article ID: 325212
Issue/Introduction
This article is intended to describe the potential impact of the Windows Security update for CVE-2023-24932 and workarounds that are available.
Symptoms:
On 32-bit Windows VMs with Secure Boot enabled, installing the Windows Security Update (released April 9th 2024) that makes Secure Boot changes associated with CVE-2023-24932 will result in the VM failing to boot into Windows after the update is applied and the VM is restarted. The VM will end up in the UEFI Boot Manager menu.
Environment
VMware vSphere ESXi 8.0.x
VMware vSphere ESXi 7.x
Resolution
This issue is under investigation by Microsoft and VMware.
Workaround:
If a 32-bit Windows VM has been updated and will no longer boot, follow step 3 in the "Recovery and Restore Procedures" section of Security Update Validation Program guide to test PCA2011 revocation to address CVE-2023-24932.
Alternatively, disable Secure Boot using the steps in Enable or Disable UEFI Secure Boot for a Virtual Machine.
Note: Disabling Secure Boot, uninstalling the patch, and re-enabling Secure Boot will not work around the issue.
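
To find VMs that match the condition described under Symptoms before the update is rolled out, the following PowerCLI inventory is an added example and is not part of the original article or a VMware-supplied script. It assumes VMware PowerCLI is installed and a `Connect-VIServer` session is already open, and it treats any configured Windows guest OS type without "64" in its identifier as 32-bit, which is a heuristic based on the VM's configured guest type rather than the installed OS.

```powershell
# Added example: list VMs configured as 32-bit Windows with EFI firmware
# and Secure Boot enabled (the combination this article describes).
# Assumption: an active vCenter/ESXi session created with Connect-VIServer.

$candidates = Get-VM | ForEach-Object {
    $cfg = $_.ExtensionData.Config

    [pscustomobject]@{
        Name       = $_.Name
        PowerState = $_.PowerState
        GuestId    = $cfg.GuestId                                # configured guest OS type
        Firmware   = $cfg.Firmware                               # 'bios' or 'efi'
        SecureBoot = [bool]$cfg.BootOptions.EfiSecureBootEnabled # $null is treated as $false
    }
} | Where-Object {
    # Heuristic: Windows guest identifiers start with 'win'; 64-bit variants contain '64'.
    $_.GuestId  -like    'win*' -and
    $_.GuestId  -notlike '*64*' -and
    $_.Firmware -eq      'efi'  -and
    $_.SecureBoot
}

if ($candidates) {
    # Review these VMs before approving the April 9th 2024 update for them.
    $candidates | Sort-Object Name | Format-Table -AutoSize
} else {
    Write-Output 'No 32-bit Windows VMs with Secure Boot enabled were found.'
}
```

Because the configured guest OS type can differ from what is actually installed, confirm the architecture inside the guest for any VM where the two may not match.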