Microsoft has confirmed that the October 2023 Patch Tuesday update for Windows Server 2022 (KB5031364) is causing startup failures with blue screens of death (BSODs) on VMware ESXi hypervisors, with the error / stop code "PNP DETECTED FATAL ERROR".
Microsoft has identified that the issue does not affect all systems or configurations and is isolated to those running on AMD's EPYC server processors. The affected virtual machines (VMs) are set up with the following settings enabled: Virtualization-based Security (VBS), IOMMU (Input-Output Memory Management Unit), and System Guard Secure Launch.
On the Windows health dashboard, Microsoft writes:
After installing KB5031364 on virtual machines (VMs) running on VMware ESXi hosts, Windows 2022 might fail to start up. Affected VMs will receive an error with a blue screen and Stop code: PNP DETECTED FATAL ERROR. This issue only affects guest VMs with the following configuration on VMware ESXi hosts only:
- AMD Epyc physical processor
- "Expose IOMMU to guest OS" enabled in VMware settings for the VM.
- "Enable Virtualization Based Security" enabled in Windows Server 2022.
- "System Guard Secure Launch" enabled in Windows Server 2022.
Microsoft has also provided a workaround for the issue, which involves disabling the "Expose IOMMU to guest OS" option.
Workaround: To mitigate this issue, you can disable "Expose IOMMU to guest OS". Important: This workaround should only be used in environments which do not require "Expose IOMMU to guest OS" to be enabled.
For those unaware, this option lets the guest OS improve I/O bus performance through direct memory access (DMA) to system RAM.
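To see whether a guest matches the conditions Microsoft lists before the update is deployed to it, the following PowerShell check can be run inside the VM; it is an added example, not from Microsoft or the original article. It assumes that the VMware manufacturer string and an "EPYC" CPU name are adequate heuristics, and it cannot see the "Expose IOMMU to guest OS" setting, which has to be confirmed in the VM's settings on the ESXi side.

```powershell
# Added example: guest-side check for the configuration Microsoft lists
# for the KB5031364 startup failure. Run inside the Windows Server 2022 guest.
$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$cs  = Get-CimInstance -ClassName Win32_ComputerSystem
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1

# Device Guard WMI class; may be absent, so tolerate a null result.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

# VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled, 2 = running.
$vbsOn = ($null -ne $dg) -and ($dg.VirtualizationBasedSecurityStatus -ne 0)
# SecurityServicesConfigured contains 3 when System Guard Secure Launch is configured.
$secureLaunchOn = ($null -ne $dg) -and ($dg.SecurityServicesConfigured -contains 3)

$report = [pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    IsServer2022        = $os.Caption -like '*Server 2022*'
    IsVMwareGuest       = $cs.Manufacturer -like 'VMware*'   # heuristic (assumption)
    IsAmdEpyc           = $cpu.Name -like '*EPYC*'           # heuristic (assumption)
    VbsEnabled          = $vbsOn
    SecureLaunchEnabled = $secureLaunchOn
    KB5031364Installed  = [bool](Get-HotFix -Id 'KB5031364' -ErrorAction SilentlyContinue)
}

# All conditions that are visible from inside the guest.
$guestSideMatch = $report.IsServer2022 -and $report.IsVMwareGuest -and
                  $report.IsAmdEpyc -and $report.VbsEnabled -and
                  $report.SecureLaunchEnabled

$report | Add-Member -NotePropertyName MatchesGuestSideConditions `
                     -NotePropertyValue $guestSideMatch
$report | Format-List

if ($guestSideMatch -and -not $report.KB5031364Installed) {
    Write-Warning ('Guest matches the listed configuration. Check "Expose IOMMU to ' +
                   'guest OS" in the VM settings before installing KB5031364.')
}
```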
As for when a permanent fix is coming, the tech giant claims it should be available around the middle of the month, so expect the upcoming November 2023 Patch Tuesday to resolve the issue. You can read about the problem on Microsoft's official website.