June’s Windows 10 patch has a BitLocker user lockout problem… again

With this month's Patch Tuesday, Microsoft released cumulative update KB5094127 for Windows 10. The rollout has not gone smoothly: some users report unexpected problems right after installing it.

BitLocker Recovery Key Concerns

According to BetaNews, the update can unexpectedly prompt users for their BitLocker recovery key when the computer restarts. The same thing happened after the May and November updates last year, so the problem has evidently not been fixed for good.

Microsoft says the problem is most likely to appear on systems with an "unrecommended" BitLocker Group Policy configuration, and that the number of affected devices should be small. According to the company, the recovery prompt occurs only when all of the following conditions hold:

  • BitLocker is enabled on the operating system drive.
  • The Group Policy setting Configure TPM platform validation profile for native UEFI firmware configurations is configured, and PCR7 is included in the validation profile.
  • The System Information tool (msinfo32.exe) shows PCR7 Configuration (listed with the Secure Boot State) as Binding Not Possible. Run msinfo32 elevated; otherwise that row reads Elevation Required to View.
  • The Windows UEFI CA 2023 certificate is present in the device's Secure Boot Signature Database (DB).
  • The device is not yet booting with the 2023-signed Windows Boot Manager.

On a system that meets all of these conditions, the BitLocker recovery key has to be entered only once. Later restarts do not show the recovery screen again, as long as the Group Policy configuration is not changed. The real problem is that many users do not have their recovery key at hand, and a device then stays locked until IT support can supply it.
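The PowerShell below is an added example, not code from the article, PC-WELT or Microsoft. It checks the five conditions above on the local Windows 10 device and, if all of them hold, lists the recovery-password protectors on the OS drive so an administrator can confirm they are escrowed (AD DS, Entra ID or Intune) before installing the update. Assumptions, all mine: the policy is stored under HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI with an Enabled value and one value per PCR index (so "7" for PCR7), as I read VolumeEncryption.admx; drive letter Z: is free for mounting the EFI system partition; the msinfo32 report row is labelled "PCR7 Configuration"; and the 2023 CA name appears in the subject or issuer of bootmgfw.efi's signer certificate. Run it in an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: evaluate the five BitLocker/PCR7 conditions from the article on this device.

function Test-BitLockerPcr7Exposure {
    [CmdletBinding()]
    param()

    $result = [ordered]@{}

    # 1. BitLocker protection is on for the OS drive.
    $osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $result.BitLockerOnOsDrive = ($osVol.ProtectionStatus -eq 'On')

    # 2. "Configure TPM platform validation profile for native UEFI firmware configurations"
    #    is configured and PCR7 is ticked. Registry layout is an assumption (see lead-in).
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'
    $policyConfigured = $false
    $pcr7InProfile = $false
    if (Test-Path $polKey) {
        $pol = Get-ItemProperty -Path $polKey
        $policyConfigured = ($pol.Enabled -eq 1)
        $pcr7InProfile = ($pol.'7' -eq 1)      # assumed: per-PCR values are named by PCR index
    }
    $result.PolicyConfiguredWithPcr7 = ($policyConfigured -and $pcr7InProfile)

    # 3. msinfo32 "PCR7 Configuration" row. /report writes the System Summary to a text file
    #    and exits without showing the UI; the row reads "Elevation Required to View" if not admin.
    $report = Join-Path $env:TEMP 'msinfo32_pcr7.txt'
    Start-Process -FilePath 'msinfo32.exe' -ArgumentList "/report `"$report`"" -Wait -NoNewWindow
    $pcr7State = 'Unknown'
    foreach ($line in (Get-Content -Path $report)) {
        if ($line -match '^PCR7 Configuration\s+(.+)$') { $pcr7State = $Matches[1].Trim(); break }
    }
    Remove-Item -Path $report -ErrorAction SilentlyContinue
    $result.Pcr7State = $pcr7State
    $result.Pcr7BindingNotPossible = ($pcr7State -like '*Not Possible*')

    # 4. "Windows UEFI CA 2023" present in the Secure Boot signature database (DB).
    #    Get-SecureBootUEFI throws on legacy-BIOS or non-Secure-Boot firmware; treat that as "no".
    try {
        $dbBytes = (Get-SecureBootUEFI -Name db -ErrorAction Stop).Bytes
        $result.Ca2023InDb = ([System.Text.Encoding]::ASCII.GetString($dbBytes) -match 'Windows UEFI CA 2023')
    } catch {
        $result.Ca2023InDb = $false
    }

    # 5. Boot manager actually on the EFI system partition is not yet 2023-signed.
    #    Assumption: Z: is unused; the CA name shows up in the signer's subject or issuer.
    $esp = 'Z:'
    mountvol $esp /S | Out-Null
    try {
        $sig = Get-AuthenticodeSignature -FilePath "$esp\EFI\Microsoft\Boot\bootmgfw.efi"
        $names = "$($sig.SignerCertificate.Subject) | $($sig.SignerCertificate.Issuer)"
        $result.BootMgrSigner = $names
        $result.BootMgrNot2023Signed = ($names -notmatch 'Windows UEFI CA 2023')
    } finally {
        mountvol $esp /D | Out-Null
    }

    $result.AllConditionsMet = $result.BitLockerOnOsDrive -and $result.PolicyConfiguredWithPcr7 -and
        $result.Pcr7BindingNotPossible -and $result.Ca2023InDb -and $result.BootMgrNot2023Signed
    [pscustomobject]$result
}

$check = Test-BitLockerPcr7Exposure
$check | Format-List

# A lockout means typing the 48-digit recovery password, so list which recovery-password
# protectors exist on the OS drive; confirm their IDs are escrowed before patching.
if ($check.AllConditionsMet) {
    Write-Warning 'All five conditions hold: expect one BitLocker recovery prompt after installing the update.'
    (Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        Select-Object KeyProtectorId, KeyProtectorType
}
```

The DB check (reading the raw DB bytes and searching for the CA name) and the boot-manager check (mounting the ESP and inspecting bootmgfw.efi's Authenticode signature) are the same two tests Microsoft documents for tracking the 2023 certificate rollout; the policy registry path and the Z: drive letter are the parts you should verify in your own environment before running this fleet-wide.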

Microsoft says personal devices that are not managed by an IT department are unlikely to be affected; the problem mainly hits enterprise and organizational deployments.

Microsoft says it is working on a fix. Until it ships, IT administrators are advised to remove the Group Policy configuration before installing the update; detailed instructions are on Microsoft's support page.

Update KB5094127 is available only to Windows 10 devices enrolled in the Extended Security Updates (ESU) program, and covers versions 21H2 and 22H2. It fixes a number of bugs and patches security vulnerabilities in the operating system.

Author: Hans-Christian Dirscherl, Managing Editor, PC-WELT

Hans-Christian Dirscherl has been immersed in the IT landscape for over 25 years, starting with the intricacies of Autoexec.bat and Turbo-Pascal. His extensive experience encompasses a wide range of IT topics, from news to reviews and buying guides.
