Windows 11 Security Update for Versions 22H2 & 23H2 May Cause Recovery Issues

Microsoft’s May 2025 security update for Windows 11 has triggered system instability in certain environments, with users reporting critical boot failures linked to the ACPI.sys driver.

The issue primarily impacts enterprise virtual machines but highlights broader challenges in maintaining compatibility across hybrid infrastructure.

As the company works on a permanent fix, administrators are advised to pause deployments in affected configurations.

The KB5058405 cumulative update, released on May 13, 2025, for Windows 11 versions 22H2 and 23H2, has caused devices to enter recovery mode with the error code 0xc0000098 and a missing/corrupted ACPI.sys file.

This Advanced Configuration and Power Interface driver is fundamental to hardware communication, affecting systems’ ability to initialize components like processors, memory controllers, and power management features.

Microsoft confirmed the problem manifests most frequently in virtualized environments, including Azure Virtual Machines, Azure Virtual Desktop instances, and on-premises deployments using Citrix or Hyper-V platforms.

Physical devices and consumer-grade virtual machines appear largely unaffected, with enterprise IT teams bearing the brunt of disruption.

The company’s engineering team traced the fault to incompatible driver stack interactions in virtualized firmware layers, though a root cause analysis remains ongoing.

Windows 11 Security Update

Organizations relying on cloud-based or hybrid virtual desktop infrastructures face operational hurdles, as affected systems cannot boot into Windows after applying the update.

Early adopters who deployed KB5058405 reported being stuck in a boot loop, with recovery options limited to command-line tools or cloud-based remediation workflows.

The risk profile varies by platform:

  • Azure VMs: Microsoft recommends using the Azure Virtual Machine repair commands toolkit to mount damaged OS disks to healthy VMs for file repairs.
  • Citrix/Hyper-V: Administrators must restore from backups or redeploy master images without the problematic update.
  • Physical devices: Less than 0.3% of non-virtualized systems encountered the bug, primarily those with custom ACPI firmware tables.

Notably, the error occasionally references other system files beyond ACPI.sys, suggesting deeper compatibility issues with the update’s driver validation routines.

Microsoft has temporarily halted automatic deployments to Azure-hosted VMs while urging on-premises administrators to exclude KB5058405 from patch cycles until further notice.

Mitigations 

As an interim solution for advanced users, Microsoft published registry-based workarounds that bypass ACPI.sys checks during the boot sequence.

However, these tweaks disable critical power management features and are not recommended for production environments.

The Azure support team emphasizes leveraging snapshot-based rollback capabilities in cloud platforms to revert to pre-update states with minimal downtime.

A hotfix is expected by early June 2025, delivered via the Windows Update for Business service and Microsoft Update Catalog.

Enterprise customers can anticipate revised installer packages (KB5058405_rev1) with updated driver compatibility shims. Until then, system administrators should:

  1. Audit virtual machine deployments for pending KB5058405 installations.
  2. Configure update rings to block this specific patch.
  3. Test emergency repair procedures using Azure’s VM repair toolkit.
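For the audit in step 1, the following PowerShell function is an added example, not a Microsoft-published script. It runs locally in an elevated session and reports whether KB5058405 is installed or still pending on a machine running an affected build; the function name, the output field names and the VM-detection pattern are assumptions made for illustration.

```powershell
# Added example: local audit for KB5058405 exposure (run elevated).
# Get-Kb5058405Exposure and its output fields are hypothetical names.
function Get-Kb5058405Exposure {
    $kb = 'KB5058405'
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Windows 11 22H2 is build 22621; 23H2 is build 22631.
    $inScope = $os.BuildNumber -in '22621', '22631'

    # Heuristic (assumption): hypervisor guests usually identify themselves
    # in the SMBIOS manufacturer/model strings.
    $isVirtual = "$($cs.Manufacturer) $($cs.Model)" -match 'Virtual|VMware|Xen|KVM|QEMU'

    $installed = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)

    # Ask the Windows Update Agent what is offered but not yet installed.
    $pending = $false
    if (-not $installed) {
        try {
            $session  = New-Object -ComObject Microsoft.Update.Session
            $searcher = $session.CreateUpdateSearcher()
            $result   = $searcher.Search("IsInstalled=0 and Type='Software'")
            $pending  = [bool]($result.Updates | Where-Object { $_.Title -match $kb })
        } catch {
            Write-Warning "Windows Update search failed: $($_.Exception.Message)"
        }
    }

    $state = if ($installed) { 'Installed' }
             elseif ($pending) { 'Pending' }
             else { 'NotOffered' }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Build       = $os.BuildNumber
        InScope     = $inScope
        IsVirtual   = $isVirtual
        UpdateState = $state
        # Highest priority: affected build, virtualized, update present or queued.
        NeedsAction = $inScope -and $isVirtual -and ($installed -or $pending)
    }
}

Get-Kb5058405Exposure
```

A machine reporting `Pending` with `NeedsAction` set is a candidate for the update-ring block in step 2; one reporting `Installed` should have its snapshot or backup verified before the next reboot.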

While consumer editions remain largely unaffected, this incident underscores the growing complexity of maintaining update reliability across diverse hardware and virtualization ecosystems.

Microsoft has committed to enhancing pre-release testing for enterprise configurations, aiming to prevent similar disruptions during future monthly security rollouts.


Mayura
Mayura Kathir is a cybersecurity reporter at GBHackers News, covering daily incidents including data breaches, malware attacks, cybercrime, vulnerabilities, zero-day exploits, and more.
