Microsoft has confirmed a widespread issue causing some Windows 10 systems to enter BitLocker recovery mode after installing the May 2025 security updates. This problem, affecting a variety of system configurations, has prompted the company to release an out-of-band emergency update to resolve the issue. Affected users, particularly those running Windows 10 22H2, Windows 10 Enterprise LTSC 2021, and Windows 10 IoT Enterprise LTSC 2021 on systems with Intel vPro processors, encountered BitLocker recovery screens following the installation of the KB5058379 update.
The Issue
The issue emerged after the release of the May 2025 security update, KB5058379, as part of Microsoft’s Patch Tuesday updates. Upon installation, certain systems began failing to boot, triggering an automatic repair cycle that demanded the input of a BitLocker recovery key. For many affected users, the Local Security Authority Subsystem Service (LSASS) process unexpectedly terminated, which led to an installation failure event with error code 0x800F0845 in the Windows Event Viewer. This failure caused the device to enter BitLocker recovery mode.
Microsoft acknowledged the problem, noting that a “small number” of systems with BitLocker enabled are being impacted by this issue. Devices with Intel vPro processors (10th generation or later) and Intel Trusted Execution Technology (TXT) enabled are particularly affected. Consumer systems running Windows 10 Home or Pro editions are unlikely to experience this issue, as they typically do not use Intel vPro processors.
Symptoms and Impact
When impacted systems are booted, they may present the BitLocker recovery screen after Windows attempts to start but fails repeatedly. This failure triggers the Automatic Repair process, which requests the BitLocker recovery key for further access. In some cases, this issue causes systems to enter a BitLocker recovery loop, where the device is unable to successfully recover and start up. Other systems may roll back to the previous update after multiple attempts, but the issue remains disruptive.
The error logs in the Event Viewer often show LSASS errors and installation failure events with the 0x800F0845 error code, signaling that the update process was interrupted, causing the device to fail to boot properly.
Temporary Workarounds
Microsoft has suggested a few temporary workarounds for users unable to immediately apply the emergency fix. To bypass the issue, users can attempt to disable Intel’s Trusted Execution Technology (TXT) or Virtualization Technology (VT) in the system BIOS/UEFI. Disabling these features may allow the system to boot normally and provide time for users to install the emergency update.
Emergency Update Released
In response to the issue, Microsoft has released the KB5061768 emergency update via the Microsoft Update Catalog. This update is cumulative, meaning it does not require prior updates to be installed. The emergency patch aims to address the BitLocker recovery loop by fixing the LSASS termination problem caused by the May 2025 security update.
Once installed, this emergency update should resolve the issue for impacted users, allowing them to bypass the BitLocker recovery screen and restore normal functionality. Microsoft strongly advises affected users to download and install the KB5061768 update immediately to prevent further disruptions.
Steps to Fix the Issue:
- Install the Emergency Update: Download and install the KB5061768 update from the Microsoft Update Catalog. This update will fix the issue caused by the KB5058379 update.
- Disable Intel Features: If you cannot immediately install the update, disable Intel Trusted Execution Technology (TXT) and Intel Virtualization Technology (VT) in your system’s BIOS/UEFI settings. Once the update is installed, you can re-enable these features.
- Retrieve the BitLocker Recovery Key: If you are stuck at the BitLocker recovery prompt, retrieve the recovery key by logging into the BitLocker recovery screen portal using your Microsoft account. You can find detailed instructions on how to retrieve the BitLocker recovery key on Microsoft’s support page.
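For administrators checking hosts before the next reboot, the following read-only triage script is an added example, not code from Microsoft or from the original article. It reports whether KB5058379 or KB5061768 is installed, the BitLocker state of the OS volume with its recovery-password protector IDs (to confirm the matching key is in escrow), and any recent System-log events mentioning 0x800F0845. The 30-day window and matching on message text rather than a specific event ID are assumptions.

```powershell
# Added example: triage one Windows 10 host for the KB5058379 BitLocker issue.
# Read-only; run from an elevated PowerShell session.
$BadKb  = 'KB5058379'   # May 2025 security update named in the article
$FixKb  = 'KB5061768'   # out-of-band emergency update named in the article
$ErrHex = '0x800F0845'  # installation-failure code named in the article

function Test-KbInstalled([string]$Id) {
    # Get-HotFix writes a non-terminating error when the KB is absent.
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

$hasBad = Test-KbInstalled $BadKb
$hasFix = Test-KbInstalled $FixKb

# BitLocker state of the OS volume and its recovery-password protector IDs,
# so the matching recovery key can be located before the device is rebooted.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$recoveryIds = @($vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object -ExpandProperty KeyProtectorId)

# Assumption: look back 30 days and match on the error code in the message.
$failures = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'System'
        StartTime = (Get-Date).AddDays(-30)
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $ErrHex })

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    "${BadKb}Installed"  = $hasBad
    "${FixKb}Installed"  = $hasFix
    ProtectionStatus     = $vol.ProtectionStatus
    RecoveryProtectorIds = $recoveryIds -join ', '
    FailureEvents        = $failures.Count
    Action               = if ($hasFix) { 'None' } else { "Install $FixKb" }
}
```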
Historical Context
This isn’t the first time BitLocker recovery issues have occurred following a Windows update. Similar problems were experienced in August 2022 after the release of the KB5012170 update, as well as in July 2024, when another BitLocker recovery issue affected Windows 10, Windows 11, and Windows Server systems. Each time, Microsoft responded with emergency updates to resolve the issue and mitigate further user disruption.
The BitLocker recovery issue caused by the May 2025 security update has disrupted Windows 10 systems, particularly those with Intel vPro processors. Microsoft has released a cumulative emergency update to resolve the issue, and users are urged to install the KB5061768 update to fix the problem and restore their systems to normal operation. Until the patch is applied, disabling Intel TXT and VT in the BIOS/UEFI settings can serve as a temporary workaround. Microsoft continues to investigate the root cause of the issue and will provide further updates as necessary.
As always, it’s important to stay up-to-date with security patches and monitor official Microsoft channels for the latest advisories.
