Either the machine will be able to be booted, and the boot process interrupted to allow it to boot into "safe mode", which doesn't load all the drivers, and might get the machine to a state where a fix can be applied.
If that can't happen, the machine can be booted from a USB stick, so that changes can be made on the original disk to ensure that the native boot can proceed again.
In higher-security environments, neither of these is possible, and it will be necessary for someone in possession of the codes and passwords to gain privileged boot access to intervene, quite possibly in person.
Once the machine is running, fixes can either be manually applied, or the machine may be able to be prompted to apply another update which corrects the erroneous one and allows it to operate normally again.
The word "boot" comes from "bootstrapping", from the idea that a computer, when it starts up, "pulls itself up by its bootstraps", first running basic hard-coded routines that get it to be able to do things like receive keyboard input, display stuff on the screen, etc. Then another layer gets loaded which takes the machine up to a higher level of capability (network connections, peripherals, stuff like that). This security stuff is a further layer that (clearly) gets loaded during the operating system startup phase, and clearly has the potential to render the machine unusable (and unfixable) via the usual means.