Virtualization Based Security (VBS) is a technology that Microsoft introduced some time ago to improve the security of the operating system, and it remains part of Windows Server 2022 (as well as Windows 11). It uses hardware virtualization (the Intel VT-x and AMD-V extensions) to isolate and protect some key system components from the rest of the platform. In another article we saw what VBS is and how it works, and noted that in some cases it can reduce performance.
The main features of VBS
VBS relies on a series of components. Virtual Secure Mode (VSM) creates an isolated environment, known as the Secure Kernel, within the operating system. This environment is designed to perform critical security operations, such as the management of credentials, passwords and cryptographic keys, so that they are protected from malware attacks, even from malware that can compromise the operating system kernel. Device Guard helps protect the system from unauthorized software by running only digitally signed code, while Credential Guard helps protect credentials by isolating them via VSM.
Microsoft October 2023 Update Causes Blue Screens with Windows Server 2022 and AMD EPYC Processors
After a series of reports from Microsoft's business customers, it emerged that the cumulative update KB5031364, released in October 2023, is responsible for blue screens on Windows Server 2022 systems based on AMD EPYC processors with the VBS feature enabled.
Specifically, the issue affects the startup of virtualized guest systems on the VMware ESXi platform. The BSoD (Blue Screen of Death) displays the stop code “PNP DETECTED FATAL ERROR”.
The blue screen appears if and only if the setting “Expose IOMMU to guest OS” is enabled in the VMware virtualization solution settings. The IOMMU (Input-Output Memory Management Unit) is a hardware component that manages the mapping of memory addresses used by I/O devices in the system. It provides an interface between memory access requests from hardware devices and the operating system. Exposing the IOMMU to the guest operating system offers various advantages in terms of isolation and security, direct access to host system devices and performance.
How to fix blue screen with EPYC processors and Windows Server 2022
While waiting for an official patch, Microsoft recommends some temporary workarounds to avoid the blue screen.
One possible strategy is to disable the “Expose IOMMU to guest OS” option in the settings of the VMware guest virtual machine.
Alternatively, you can uninstall the update KB5031364, for example by running the following command from a Windows terminal window:
wusa /uninstall /kb:5031364
It must be said that this second approach removes not only the code that breaks the guest machines but also all the other security fixes released by Microsoft in October 2023. The advice is to carefully check which security issues deserve a quick resolution and then manually download and apply the individual “stand alone” updates rather than the cumulative package.
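Since removing the update also removes the other October 2023 fixes, it is worth confirming first that a guest actually matches the affected configuration. The following PowerShell check is an added example, not a Microsoft or VMware script; it runs inside the guest, assumes the standard WMI/CIM classes are available, and cannot see the “Expose IOMMU to guest OS” setting, which must be verified in the VM settings on the VMware side.

```powershell
# Added example: in-guest triage for the configuration described in this article.
# The VMware-side "Expose IOMMU to guest OS" option is not visible from here
# and has to be checked separately in the virtual machine settings.

$kbId = 'KB5031364'   # cumulative update named in the article

$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$cs  = Get-CimInstance -ClassName Win32_ComputerSystem
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
$kb  = Get-HotFix -Id $kbId -ErrorAction SilentlyContinue

# Win32_DeviceGuard reports the VBS state:
#   0 = not enabled, 1 = enabled but not running, 2 = enabled and running
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$vbsStatus = if ($dg) { [int]$dg.VirtualizationBasedSecurityStatus } else { 0 }

# One boolean per condition the article lists for the blue screen.
$checks = [ordered]@{
    'Windows Server 2022' = $os.Caption -like '*Windows Server 2022*'
    'AMD EPYC processor'  = $cpu.Name -like '*EPYC*'
    'VMware guest'        = $cs.Manufacturer -like 'VMware*'
    'VBS enabled'         = $vbsStatus -ge 1
    "$kbId installed"     = [bool]$kb
}

# Print a small report so the result can be pasted into a change ticket.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-22} {1}' -f $_.Key, $_.Value
}

if ($checks.Values -notcontains $false) {
    Write-Warning ("All in-guest conditions match. Check 'Expose IOMMU to guest OS' " +
                   'on this VM before the next restart.')
} else {
    Write-Output 'At least one condition does not match the affected configuration described above.'
}
```

If every condition matches and the IOMMU option is enabled, disabling that option keeps the October 2023 security fixes in place, whereas `wusa /uninstall` removes them.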