Full Report
Microsoft has confirmed that some Windows 11 systems might fail to start after installing the KB5058405 security update released during this month's Patch Tuesday. [...]
Analysis Summary
# Vulnerability: Windows 11 Installation Failure After KB5058405 Update
## CVE Details
- CVE ID: Not Assigned (This is a known issue/bug related to an update, not a security vulnerability)
- CVSS Score: Not Applicable (Issue is related to system stability/functionality)
- CWE: Not Applicable
## Affected Systems
- Products: Windows 11
- Versions: Version 22H2 and Version 23H2
- Configurations: Primarily impacts enterprise usage, specifically Azure Virtual Machines, Azure Virtual Desktop, and on-premises virtual machines hosted on Citrix or Hyper-V. Home/Pro users are unlikely to be affected.
## Vulnerability Description
The installation of the optional Windows security update KB5058405 causes affected Windows 11 systems (mostly virtualized enterprise environments) to fail to start. Upon failure, the system displays a recovery error: `0xc0000098` with a message stating, "Your PC/Device needs to be repaired. The operating system couldn't be loaded because a required file is missing or contains errors," often pointing to an issue with `acpi.sys`.
## Exploitation
- Status: Not applicable (This is a stability bug introduced by an update, not a security exploit.)
- Complexity: Not applicable
- Attack Vector: Not applicable
## Impact
- Confidentiality: Unknown/Indirect (System downtime presents operational risk)
- Integrity: High (OS failure to load)
- Availability: High (System becomes completely unavailable)
## Remediation
### Patches
- Microsoft is currently **investigating** the issue. No specific corrective patch or update has been released at the time of this summary.
### Workarounds
- No official workarounds were published in the provided text, but implied mitigation is **avoiding the installation of KB5058405** on affected systems, especially in high-risk virtualized environments.
## Detection
- **Indicators of Compromise:** System booting into the recovery screen displaying error `0xc0000098` mentioning `acpi.sys` failure after installing update KB5058405.
- **Detection Methods and Tools:** Monitoring system event logs immediately following the application of KB5058405.
## References
- Vendor Advisory: hxxps://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23H2#kb5058405-might-fail-to-install-with-recovery-error-0xc0000098-in-acpi-sys
- General News Source: hxxps://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-might-fail-to-start-after-installing-kb5058405/