Microsoft has released KB5064489, an out-of-band update for Windows 11 24H2, encompassing quality enhancements, security patches, and a resolution for Azure Virtual Machines with Trusted Launch disabled. The update resolves an issue that was hindering the startup of VMs with virtualization-based security enabled. 

July 13, 2025—KB5064489 (OS Build 26100.4656) Out-of-band

Improvements

This Out-of-band (OOB) update includes quality improvements. This update is cumulative and includes security fixes and improvements from the July 8, 2025, security update ( KB5062553), in addition to the following: 

• [Fix for Azure Virtual Machines with Trusted Launch disabled] This update addresses an issue that prevented some virtual machines (VMs) from starting when Virtualization-Based Security (VBS) was enabled. It affected VMs using version 8.0 (a non-default version) where VBS was offered by the host. In Azure, this applies to standard (non–Trusted Launch) General Enterprise (GE) VMs running on older VM SKUs. The problem was caused by a secure kernel initialization issue.

Windows 11 servicing stack update (KB5063666)- 26100.4651

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. To learn more about SSUs, see  Simplifying on-premises deployment of servicing stack updates.

July 13, 2025—KB5064489 (OS Build 26100.4656) Out-of-band - Microsoft Support