The July 2025 security updates have introduced significant issues affecting virtual machines running Windows Server 2025 and Windows 11 24H2. Reports indicate that VMs on Hyper-V and VMware ESXi fail to start after the update, impacting operations in both local environments and Azure cloud deployments. The failures are tied to Virtualization-Based Security (VBS) settings, particularly on VMs that still use an outdated configuration such as Hyper-V configuration version 8.0.
Microsoft has acknowledged these issues and released an Out-of-Band Update KB5064489 on July 13, 2025, aimed at resolving the startup failures for affected VMs. However, system administrators must manually download and install this update to address the problems. The underlying issue stems from a secure kernel initialization problem that interferes with VBS functionality in older Hyper-V configurations.
Virtual machines running on Azure face similar challenges if Virtualization-Based Security (VBS) is enabled without Trusted Launch security features. This has led to VMs freezing, especially when utilizing ESXi 7.0, resulting in significant downtime and operational disruptions for enterprises relying heavily on these virtualized environments. IT professionals are advised to review their Hyper-V settings and consider upgrading configurations to avoid potential issues caused by future updates.
To mitigate the issue, users should update to a more recent version of Hyper-V if they encounter booting problems after applying July 2025 updates. Alternatively, disabling VBS for affected VMs can serve as a temporary workaround while waiting for official patches from Microsoft. For organizations leveraging Azure Virtual Machines with Trusted Launch disabled, it’s crucial to implement the KB5064489 update immediately.
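The following host-side inventory is an added example, not code from Microsoft or from the reports cited here. It lists each VM's configuration version and VBS opt-out state so the combination described above can be found before patching. The function name Get-VbsExposureReport and the "at risk" rule (configuration version 8.0 with VBS not opted out) are assumptions drawn from this article's description.

```powershell
#Requires -Modules Hyper-V
# Added example: read-only inventory, run in an elevated session on the Hyper-V host.
# Assumption (from the article): a VM is "at risk" when it is still at
# configuration version 8.0 and has not been opted out of VBS.

function Get-VbsExposureReport {
    [CmdletBinding()]
    param(
        [string]$AtRiskVersion = '8.0',              # version named in the article
        [string]$ComputerName  = $env:COMPUTERNAME   # Hyper-V host to query
    )

    foreach ($vm in Get-VM -ComputerName $ComputerName) {
        $sec        = Get-VMSecurity -VM $vm
        # OptOut = $true means the host will not expose VBS to this guest.
        $vbsAllowed = -not $sec.VirtualizationBasedSecurityOptOut

        [pscustomobject]@{
            Name          = $vm.Name
            State         = $vm.State
            Generation    = $vm.Generation
            ConfigVersion = $vm.Version
            VbsAllowed    = $vbsAllowed
            AtRisk        = ($vm.Version -eq $AtRiskVersion) -and $vbsAllowed
        }
    }
}

# VMs matching the at-risk rule are listed first.
Get-VbsExposureReport | Sort-Object AtRisk -Descending | Format-Table -AutoSize

# Configuration versions this host can upgrade a VM to.
Get-VMHostSupportedVersion | Format-Table -AutoSize

# Inside a guest, VBS state can be confirmed with
# (0 = not enabled, 1 = enabled but not running, 2 = running):
#   (Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
#       -ClassName Win32_DeviceGuard).VirtualizationBasedSecurityStatus

# Remediation options from the article, left commented out on purpose.
# Both require the VM to be shut down; '<vm-name>' is a placeholder.
# Update-VMVersion -Name '<vm-name>'    # irreversible configuration upgrade
# Set-VMSecurity -VMName '<vm-name>' -VirtualizationBasedSecurityOptOut $true   # temporary
```

Opting a VM out of VBS removes the protections that depend on it inside that guest, so record which VMs were changed and revert the setting once the fix is installed.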
Issues With Windows Server 2025 and July 2025 Updates
Several third-party sources have reported on similar issues regarding VM instability following updates in various environments. IT professionals and administrators are sharing their experiences across forums, highlighting commonalities such as Hyper-V configuration version 8.0 being a contributing factor to these problems.
In one instance, a user described Windows Server 2025 VMs freezing after the July 10, 2025 updates, similar to the behavior seen in Azure and Hyper-V setups. These reports emphasize the need for immediate action from Microsoft to address such widespread compatibility concerns affecting critical infrastructure components.
Another report details the use of dism.exe commands to revert pending actions and restore functionality after experiencing boot issues with Windows Server VMs. This underscores the complexity of managing updates in virtualized environments where multiple software layers interact, each potentially introducing vulnerabilities or operational hiccups.
These external accounts align closely with Microsoft’s official acknowledgment and subsequent patch release but add a layer of real-world context from frontline IT professionals facing these challenges first-hand. They highlight not only technical issues but also the broader impact on operational continuity and security practices within organizations heavily reliant on virtualized systems.