BitLocker recovery

Winsage
July 10, 2026
On July 19, 2024, at 12:09 AM EDT, 8.5 million Windows PCs, including devices from half of the Fortune 500 companies and the leading U.S. cybersecurity agency, experienced a catastrophic failure due to the Blue Screen of Death, leading to reboot loops. IT teams had to physically access each machine to resolve the issue by removing a problematic CrowdStrike file. CrowdStrike released an automated remediation tool three days later, on July 22. Microsoft pledged to improve Windows' resilience, introducing Quick Machine Recovery nearly a year later. Microsoft unveiled a new recovery feature called Point-in-time Restore, which allows users to revert their PCs to a previous state when functioning correctly. This feature generates daily snapshots of the entire system using the Volume Shadow Copy Service, retaining the three most recent snapshots and consuming minimal disk space (typically 2% of the system drive). Users can access the restore point through the Windows Recovery Environment after three failed startups, with the restoration process taking 30 to 45 minutes. Point-in-time Restore differs from System Restore, which creates less comprehensive snapshots and preserves document files. Point-in-time Restore is automatically enabled for systems with at least 200 GB drives in retail or OEM editions of Windows Home or Pro, while it must be manually activated for smaller drives. In Windows 11 Enterprise edition, it is disabled by default and may require administrative approval to activate. The feature intelligently manages disk usage, discarding older snapshots as needed, but users must enter a BitLocker recovery key if their system drive is encrypted. Users are warned about the risk of losing unsaved work when applying a restore snapshot, and reversing the operation is not straightforward.
Winsage
July 9, 2026
Windows 10 and 11 updates can cause significant issues for users, including high disk space consumption, disruptions to desktop UI functionalities, and potential lockouts via BitLocker recovery. These problems often lead to delays in installing new patches by IT administrators and users, which can expose systems to vulnerabilities. Microsoft has raised concerns about this cautious approach, emphasizing that AI is changing the cybersecurity landscape by enabling faster identification and exploitation of vulnerabilities. To address this, Microsoft recommends moving away from broad deployment delays and adopting staged rollout strategies, using deployment rings to validate patches on a limited number of devices before wider distribution. Additionally, Microsoft has introduced technologies like Windows Autopatch and Hotpatching to automate and streamline the update process while maintaining security. The company advocates for expediting update validation to better protect systems in an evolving threat environment.
Winsage
July 7, 2026
Microsoft has rolled out a point-in-time restore feature for Windows 11, available to all client PCs running version 24H2 and later, including Enterprise, Pro, and Home editions. This feature automatically creates local restore points every 24 hours, stored for up to 72 hours and limited to 2% of disk space. It is enabled by default on Windows Home and unmanaged Windows Pro devices with at least 200 GB OS volume, while it is disabled by default on Windows Enterprise, Education, and organization-managed Windows Pro systems. Users can initiate restores locally via the Windows Recovery Environment, but any changes made after the selected restore point will be lost. Microsoft plans to introduce remote initiation capabilities through Intune recovery. The upcoming Windows 11 version 26H2 will maintain a low-disruption update experience, allowing devices on versions 24H2 or 25H2 to transition via a small enablement package. Devices running version 26H1 cannot upgrade directly to 26H2.
Winsage
July 1, 2026
Microsoft has restored GIF functionality in the Emoji Panel for Windows 11 users after the retirement of the Tenor GIF search engine's API, which caused disruptions starting June 30. The company has transitioned to GIPHY as the new GIF provider, implemented in the preview cumulative update KB5095093 released on June 23 for Windows 11 versions 24H2, 25H2, and 26H1. Users are advised to install the latest updates to restore GIF functionality. Microsoft is also working on a solution for users on Windows 11 23H2 and Windows Server 2025. The KB5095093 update includes the Point-in-Time Restore feature and addresses various bugs and known issues.
Winsage
June 29, 2026
Major PC manufacturers, including HP, Dell, ASUS, Lenovo, MSI, Acer, Samsung, LG, and Microsoft’s Surface division, have provided guidance on transitioning to new Secure Boot certificates as the expiration of Microsoft’s 2011 certificates approaches. The expiration will occur in three phases: Microsoft Corporation KEK CA 2011 expired on June 24, 2026; Microsoft UEFI CA 2011 expired on June 27, 2026; and Microsoft Windows Production PCA 2011 is set to expire on October 19, 2026. Microsoft has begun rolling out replacement certificates through Windows Update, contingent on OEMs providing compatible BIOS updates. ASUS offers detailed documentation for both consumer and commercial devices, confirming that most users will receive updates automatically. Lenovo provides direct download links for BIOS updates organized by product family and specifies which products will not receive updates. Dell's support article covers its entire product lineup, noting that devices with an End of Service Life before January 1, 2026, will not receive updates. HP outlines a dual-track approach for updates, with specific timelines for commercial PCs. Microsoft's Surface devices receive updates directly from Microsoft, while MSI categorizes guidance based on processor generation for its laptops. Acer emphasizes backing up the BitLocker recovery key and provides a model table for confirmed BIOS release dates. Samsung confirms that all PCs running Windows 10 or 11 will function normally post-expiration, but security updates will cease. LG has released a guide for checking BIOS updates for its PCs. To verify if a PC has the 2023 certificates, users can check the Secure Boot section in Windows Security. A green checkmark indicates successful application, while yellow or red icons indicate pending updates or incompatibility. Microsoft has pushed the certificates to all eligible devices as of June 2026.
Winsage
June 24, 2026
Point-in-time restore is a new feature for Windows 11 that allows administrators to revert systems to a previous stable state, streamlining recovery from issues like problematic updates or software conflicts. It automatically generates restore points every 24 hours, retaining them for up to 72 hours and using a maximum of 2 percent of disk space. This feature is available on Windows 11 version 24H2 and later across all editions, including Enterprise, Pro, and Home. Administrators can initiate the restore process through the Windows Recovery Environment (Windows RE) by selecting a restore point. Future enhancements will include remote restore capabilities through Microsoft Intune.
Winsage
June 24, 2026
Microsoft is addressing a bug in Windows that affects the Recycle Bin functionality, where the confirmation prompt for permanently deleting files shows internal system filenames instead of the actual file names. This issue impacts all supported versions of Windows 11 and occurs when users attempt to delete files from the Recycle Bin. The Recycle Bin itself displays the correct file names, and file restoration works properly. The bug emerged after the June 9 Patch Tuesday updates and affects Windows 11 versions 23H2 through 26H1 and Windows Server versions from 2012 to 2025. Microsoft is working on a fix for this issue, which will be included in an upcoming update. Additionally, other issues have been reported following the updates, including problems with launching Office applications and stability issues like system crashes and BitLocker recovery prompts.
Winsage
June 19, 2026
Reports have emerged about complications from the latest Patch Tuesday update, affecting users with issues such as access problems with OneDrive and Dropbox, BitLocker recovery lockouts, and Blue Screen of Death (BSOD) errors. Microsoft has acknowledged a glitch related to the Recycle Bin after the installation of June's Patch Tuesday update (KB5094126), where the confirmation dialog displays the internal file name instead of the actual name when deleting an item. This issue affects various supported Windows client and server versions, including Windows 11 (versions 26H1, 25H2, 24H2, 23H2), Windows 10 (versions 22H2, Enterprise LTSC 2021, Enterprise LTSC 2019, Enterprise LTSB 2016), and Windows Server (2025, 2022, 2019, 2016, 2012 R2, 2012). Microsoft is working on a solution expected in a future update, but it is unclear if it will be part of the next Patch Tuesday or an out-of-band update. Commercial customers can implement a workaround by contacting Microsoft Support for Business.
Search