The Home windows 10 KB5058379 cumulative replace is triggering surprising BitLocker restoration prompts on some units afters it is put in and the pc restarted.
On CouldĀ 13, Microsoft launched the Home windows 10 KB5058379 cumulative replace as a part of theirĀ Could 2025 Patch Tuesday updates. This can be a obligatory replace because it comprises safety updates for vulnerabilities fastened by Microsoft, which included 5 actively exploited zero-day flaws.
As first noticed by Home windows Newest, because the launch of this replace, some Home windows customers and admins have been reporting that after putting in the replace and restarting the system, the pc would robotically boot into the WinRE BitLocker restoration display screen.
Whereas this isn’t impacting all Home windows units, there have been sufficient experiences to point an issue with the replace on some units.
“We’ve a few half dozen laptops that skilled varied intermittent points after receiving the identical KB – some require bitlocker keys to start out up, others refusing to start out in any respect,” a Home windows admin posted to Reddit.
“The newest KB5058379 launched Could 13 high quality replace failed in Home windows 10 units. Some units it induced triggering bitlocker key window after restart,” one other individual posted to the Microsoft boards.
Quickly after, quite a few folks responded to the posts stating that units of their organizations had been booting into WinRE after which proven the BitLocker restoration display screen.
Supply: Microsoft
There are experiences of units from Lenovo, Dell, and HP being impacted by this concern, so it is unclear what specific {hardware} or setting battle is happening.
Some customers reported on Reddit that they might boot into Home windows once more by disabling Intel Trusted Execution Expertise (TXT) within the BIOS.
Trusted Execution Expertise (TXT) is a hardware-based safety function that verifies the integrity of system parts earlier than permitting delicate operations to run.
Whereas Microsoft has not publicly acknowledged the problem, Microsoft Assist allegedly informed a consumer that they’re conscious of the problems.
“I want to inform you that we’re at the moment experiencing a identified concern with the Could Month PatchĀ KB5058379, titledĀ “BitLocker Restoration Triggered on Home windows 10 units after putting in KB5058379” on Home windows 10 machines,” an impacted consumer posted to Reddit.
“A assist ticket has already been raised with the Microsoft Product Group (PG) group, and they’re actively engaged on a decision.”
Microsoft then shared the next steps for customers to get again into Home windows.
1. Disable Safe Boot
- Entry the systemās BIOS/Firmware settings.
- Find theĀ Safe BootĀ choice and set it toĀ Disabled.
- Save the adjustments and reboot the system.
2. Disable Virtualization Applied sciences (if concern persists)
- Re-enter BIOS/Firmware settings.
- Disable all virtualization choices, together with:
- Intel VT-d (VTD)
- Intel VT-x (VTX)
Word: This motion could immediate for the BitLocker restoration key, so please guarantee the secret is accessible.
3. Verify Microsoft Defender System Guard Firmware Safety Standing
You possibly can confirm this in one in every of two methods:
- Registry Methodology
- Open Registry Editor (regedit).
- Navigate to: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlDeviceGuardScenariosSystemGuard
- Verify theĀ EnabledĀ DWORD worth:
- 1Ā ā Firmware safety is enabled
- 0Ā or lacking ā Firmware safety is disabled or not configured
- GUI Methodology (if accessible)
- OpenĀ Home windows Safety > System Safety, and look underneathĀ Core IsolationĀ orĀ Firmware Safety.
4. Disable Firmware Safety through Group Coverage (if restricted by coverage)
If firmware safety settings are hidden attributable to Group Coverage, comply with these steps:
- Utilizing Group Coverage Editor
- OpenĀ gpedit.msc.
- Navigate to: Laptop Configuration > Administrative Templates > System > System Guard > Flip On Virtualization Based mostly Safety
- UnderneathĀ Safe Launch Configuration, set the choice toĀ Disabled.
- Or through Registry Editor
- [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlDeviceGuardScenariosSystemGuard]
- “Enabled”=dword:00000000
Necessary:Ā A system restart is required for this variation to take impact.
It’s strongly inspired to check disabling TXT within the BIOS earlier than disabling Safe Boot or virtualization options, as disabling them may have a big affect on the system’s safety, Ā efficiency, and value of virtualization software program.
BleepingComputer didn’t take a look at these workarounds, so take a look at them first earlier than rolling out fixes to a number of units.
BleepingComputer contacted Microsoft to be taught extra about this concern and can replace the story if we obtain a response.
Based mostly on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK methods behind 93% of assaults and easy methods to defend in opposition to them.
