Microsoft has confirmed that its latest Windows 11 security update is causing significant boot failures across virtual machine environments, leaving enterprise users unable to access their systems.
The May 13, 2025, cumulative update has triggered the critical error code 0xc0000098 in ACPI.sys, primarily affecting Windows 11 versions 22H2 and 23H2 running in virtualized environments, including Azure Virtual Machines, Azure Virtual Desktop, and on-premises systems hosted on Citrix or Hyper-V platforms.
Boot Failures in Virtual Environments
The problematic update has predominantly impacted enterprise virtual environments rather than consumer devices, with Microsoft acknowledging that “home users of Windows using Home or Pro editions are unlikely to face this issue, as virtual machines are mostly used in IT environments”.
Affected systems display the recovery error message: “Your PC/Device needs to be repaired. The operating system couldn’t be loaded because a required file is missing or contains errors”.
Enterprise IT administrators have reported widespread boot failures following the automatic installation of KB5058405, which was distributed as part of Microsoft’s May 2025 Patch Tuesday cycle.
The issue has been “observed on a small number of physical devices, but primarily on devices running in virtual environments”, creating significant operational disruptions for organizations relying on virtualized Windows 11 deployments.
Microsoft updated its Windows release health dashboard on May 28, 2025, officially confirming the issue and marking its status as “Confirmed” rather than merely under investigation.
The company has been tracking reports since the update’s release on May 13, 2025, affecting OS Build 22621.5335.
The root cause centers on the ACPI.sys file, described as “a critical Windows system driver that enables Windows to manage hardware resources and power states”.
ACPI.sys functions as the Windows Advanced Configuration and Power Interface driver, operating as a kernel-mode component essential for power management and device configuration on systems with ACPI BIOS.
When the update corrupts or conflicts with this driver, systems become unable to complete the boot process, displaying error code 0xc0000098.
This specific error indicates “that the operating system cannot load due to a missing or corrupted system file”, effectively rendering affected virtual machines inaccessible until remediation steps are implemented.
Microsoft has noted that “there are also reports of this same error occurring with a different file name”, suggesting the issue may extend beyond ACPI.sys to other critical system components.
The virtualization-specific nature of these failures points to potential compatibility issues between the security update and hypervisor environments.
Temporary Workarounds
Microsoft is actively developing solutions for affected enterprise customers, with the company stating it is “working on a resolution for this issue, with plans to release an Out-of-band update in the coming days”.
For Azure customers experiencing immediate issues, Microsoft recommends utilizing “self-help repair steps outlined in this article: Repair a Windows VM using Azure Virtual Machine repair commands”.
The timing of this issue is particularly challenging given that Windows 11 version 23H2 will continue receiving monthly security updates until November 11, 2025, for Home and Pro editions, while Enterprise and Education editions remain under mainstream support until November 10, 2026.
Organizations may need to implement temporary workarounds, including system restore procedures or update rollback strategies, while awaiting Microsoft’s official resolution.
Live Credential Theft Attack Unmask & Instant Defense – Free Webinar
.webp?w=100&resize=100,70&ssl=1 "Top 10 Best Autonomous Endpoint Management Tools in 2025")
