Emergency Microsoft Update for Windows Server 2022: Critical Fix for Hyper-V VM Freezes and Restarts
Microsoft has released an out-of-band (OOB) update for Windows Server 2022 to fix a critical Hyper-V bug causing virtual machines (VMs) to freeze or reboot unexpectedly. The issue particularly affects Confidential VMs in Azure—a specialized type of virtual machine designed to protect data during processing, not just at rest or in transit. In affected systems, VMs would freeze or restart randomly, disrupting services and requiring manual intervention from administrators.
This prompted Microsoft to take swift action by releasing cumulative update KB5061906, addressing the defect before it caused widespread disruption.
Technical Cause and Affected Systems
The root cause lies in a flaw in Hyper-V’s memory management for confidential virtual machines on Windows Server 2022. The issue appears in how Hyper-V handles a guest physical address (GPA) in its "direct send path." As a result, the Confidential VM may stop responding or reboot unexpectedly.
This issue primarily affects Confidential VMs in Azure that rely on hardware-level data isolation. Standard Hyper-V deployments without such VM types are generally not affected, except potentially in test environments.
The patch targets only Windows Server 2022—signaling that older or newer versions do not exhibit the same vulnerability. Organizations running Windows Server 2022 with Hyper-V roles and confidential VM features are especially at risk. Even if your Hyper-V environment doesn’t currently use these specialized VM types, understanding and applying the fix ensures stability and future-proofing.
The Fix: Cumulative Update KB5061906 (Out-of-Band)
On May 23, 2025, Microsoft released KB5061906, an emergency out-of-band cumulative update for Windows Server 2022. This update directly addresses the memory handling bug and corrects the instability in Confidential VMs.
Key characteristics of the update:
- Manual download only: Not delivered via Windows Update or WSUS. Administrators must download it manually from the Microsoft Update Catalog.
- Requires reboot: Applying the fix necessitates a system restart.
- Cumulative: It includes all previous updates and replaces prior ones for Windows Server 2022.
- Targeted version: Applies exclusively to Windows Server 2022, updating the OS build to 20348.3695.
If your organization hasn’t applied the May 2025 security update (KB5058385), Microsoft recommends installing KB5061906 directly since it includes both the security and quality fixes.
Recommendations for IT and Infrastructure Teams
This incident highlights the importance of proactive patch management and system monitoring. Here are our key recommendations:
- Apply the update urgently: If running Windows Server 2022 with Hyper-V, do not delay installing KB5061906.
- Monitor official advisories: Follow Microsoft’s Message Center and release notes for early warnings about known issues.
- Use staging environments: Always test updates in pre-production environments before full deployment.
- Have a Hyper-V continuity plan: Ensure Live Migration and cluster redundancy are in place for mission-critical VMs.
- Communicate internally: Share post-incident documentation and lessons learned with your IT teams.
- Stay current: Regularly update OS, drivers, and firmware. Balance security with stability through phased rollout plans.
Microsoft’s rapid response here is commendable, but not unprecedented. Similar emergency fixes for Hyper-V have appeared in the past due to regression bugs, container failures, or boot issues. Staying ahead of such risks is essential for uptime and system reliability.
Final Thoughts and Call to Action
The KB5061906 emergency update is a reminder that proactive defense is not optional—it’s mission-critical. When a flaw can bring down virtual infrastructure silently and without warning, timely action is the only safeguard against costly outages.
At Hack & Fix, we specialize in preventive cybersecurity and infrastructure consulting. Our services help organizations avoid incidents like this by ensuring early detection, expert guidance, and hands-on response strategies. Whether you need a Hyper-V audit, patch management plan, or real-time incident support, our team is ready to help.
Don’t wait for another bug or crash. Contact Hack & Fix today and let us secure your digital environment before problems escalate. Prevention is always more effective—and far less expensive—than emergency recovery.
🛡️ Let’s turn surprises into preparation. Hack & Fix is your trusted partner in system security and continuity.
You should also read:
Europol Strikes at Ransomware Networks Globally: 300 Servers and €3.5M Seized💻💰
In a major crackdown on cybercrime, Europol has successfully dismantled several key ransomware networks in a global operation. Between May 19 and May 22, 2025, law enforcement agencies around the world coordinated their efforts as part of Operation Endgame, taking down 300 servers 🌍, neutralizing…
Continue reading...
🚨 CISA Alert: Two Critical Adobe and Oracle Vulnerabilities Are Being Actively Exploited!
Cybersecurity is once again under pressure as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities in Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) list. These vulnerabilities allow attackers to execute remote code…
Continue reading...
The Critical Need for Penetration Testing in 2025: Safeguarding Against Evolving Cyber Threats 🔐
In the rapidly evolving digital landscape of 2025, the importance of cybersecurity has never been more pronounced. As organizations continue to embrace digital transformation, the attack surface for cybercriminals has expanded exponentially. In this context, penetration testing (pentesting) has emerged as a critical component of…
Continue reading...