Operational Defect Database

BugZero updated this defect 33 days ago.

VMware | 97541

32-bit Windows VMs fail to boot after Windows Security Update (CVE-2023-24932)

Last update date:

4/16/2024

Affected products:

vSphere ESXi

Affected releases:

7.x, 8.0

Fixed releases:

No fixed releases provided.

Description:

Symptoms

On 32-bit Windows VMs with Secure Boot enabled, installing the Windows Security Update (released April 9th 2024) that makes Secure Boot changes associated with CVE-2023-24932 will result in the VM failing to boot into Windows after the update is applied and the VM is restarted. The VM will end up in the UEFI Boot Manager menu.
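To find VMs in scope before the update is applied, the following added example (not part of the VMware article) flags inventory records matching the configuration described above: a 32-bit Windows guest type with EFI firmware and Secure Boot enabled. The function name and the sample inventory are hypothetical; the commented PowerCLI snippet at the end assumes an existing vCenter connection.

```powershell
# Added example: classify VM records against the affected configuration
# (32-bit Windows guest + EFI firmware + Secure Boot enabled).
function Test-SecureBoot32BitRisk {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Vm   # expects Name, GuestId, Firmware, SecureBoot
    )
    process {
        # vSphere Windows guest identifiers start with "win"; the 64-bit
        # ones carry "64" (windows9_64Guest), the 32-bit ones do not
        # (windows9Guest).
        $isWindows = $Vm.GuestId -like 'win*'
        $is32Bit   = $Vm.GuestId -notmatch '64'
        $atRisk    = $isWindows -and $is32Bit -and
                     ($Vm.Firmware -eq 'efi') -and [bool]$Vm.SecureBoot
        [pscustomobject]@{
            Name       = $Vm.Name
            GuestId    = $Vm.GuestId
            Firmware   = $Vm.Firmware
            SecureBoot = [bool]$Vm.SecureBoot
            AtRisk     = $atRisk
        }
    }
}

# Constructed sample inventory (not real VMs).
$inventory = @(
    [pscustomobject]@{ Name='kiosk-01'; GuestId='windows9Guest';    Firmware='efi';  SecureBoot=$true  }
    [pscustomobject]@{ Name='kiosk-02'; GuestId='windows9Guest';    Firmware='efi';  SecureBoot=$false }
    [pscustomobject]@{ Name='app-01';   GuestId='windows9_64Guest'; Firmware='efi';  SecureBoot=$true  }
    [pscustomobject]@{ Name='legacy-1'; GuestId='windows7Guest';    Firmware='bios'; SecureBoot=$false }
    [pscustomobject]@{ Name='web-01';   GuestId='ubuntuGuest';      Firmware='efi';  SecureBoot=$true  }
)

# Only kiosk-01 matches all three conditions.
$inventory | Test-SecureBoot32BitRisk | Where-Object AtRisk | Format-Table

# With PowerCLI connected to vCenter (assumption), the same records can be
# built from the live inventory:
# Get-View -ViewType VirtualMachine -Property Name,Config | ForEach-Object {
#     [pscustomobject]@{
#         Name       = $_.Name
#         GuestId    = $_.Config.GuestId
#         Firmware   = $_.Config.Firmware
#         SecureBoot = $_.Config.BootOptions.EfiSecureBootEnabled
#     }
# } | Test-SecureBoot32BitRisk | Where-Object AtRisk
```

The configured guest type can differ from the OS actually installed; inside the guest, `Confirm-SecureBootUEFI` and `[Environment]::Is64BitOperatingSystem` report the real state.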

Purpose

This article is intended to describe the potential impact of the Windows Security update for CVE-2023-24932 and workarounds that are available.

Resolution

This issue is under investigation by Microsoft and VMware.

Workaround

If a 32-bit Windows VM has been updated and will no longer boot, follow step 3 in the "Recovery and Restore Procedures" section of the Security Update Validation Program guide to test PCA2011 revocation to address CVE-2023-24932.

Alternatively, disable Secure Boot using the steps in Enable or Disable UEFI Secure Boot for a Virtual Machine.

Note: Disabling Secure Boot, uninstalling the patch, and re-enabling Secure Boot will not work around the issue.

Related Information

For more details, see: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932.
