Microsoft released one of its final updates for Windows 10 — and it has broken things

As Microsoft prepares to wind down support for Windows 10 this October, the tech giant has made headlines with its latest update, KB5058379, which has inadvertently caused quite a stir among users. Released during the recent Patch Tuesday, this update has led to unexpected BitLocker recovery prompts for some systems after a restart, leaving many users frustrated.

Despite the absence of official acknowledgment from Microsoft regarding this issue in the update’s release notes, company representatives have confirmed the problem on various forums, providing users with a workaround to mitigate the inconvenience.

Understanding the Issue

The emergence of WinRE BitLocker recovery screens has been reported by numerous users across platforms such as Reddit and Microsoft forums. While not every installation of the update has resulted in this issue, it appears to predominantly affect devices from manufacturers like Dell, HP, and Lenovo. The specific cause of this widespread problem remains unclear.

A notable discussion thread on Reddit has brought to light a message from Microsoft Support, which states:

I would like to inform you that we are currently experiencing a known issue with the May Month Patch KB5058379, titled “BitLocker Recovery Triggered on Windows 10 devices after installing KB5058379” on Windows 10 machines.

Workaround Solutions

In response to the situation, Microsoft has shared several steps that users can take to potentially resolve the issue:

1. Disable Secure Boot

  • Access the system’s BIOS/Firmware settings.
  • Locate the Secure Boot option and set it to Disabled.
  • Save the changes and reboot the device.

2. Disable Virtualization Technologies (if the issue persists)

  • Re-enter BIOS/Firmware settings.
  • Disable all virtualization options, including:
    • Intel VT-d (VTD)
    • Intel VT-x (VTX)

Note: This action may prompt for the BitLocker recovery key, so please ensure the key is available.

3. Check Microsoft Defender System Guard Firmware Protection Status
You can verify this in one of two ways:

  • Registry Method
    • Open Registry Editor (regedit).
    • Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard
    • Check the Enabled DWORD value:
      • 1 → Firmware protection is enabled
      • 0 or missing → Firmware protection is disabled or not configured
  • GUI Method (if available)
    • Open Windows Security > Device Security, and look under Core Isolation or Firmware Protection.

4. Disable Firmware Protection via Group Policy (if restricted by policy)
If firmware protection settings are hidden due to Group Policy, follow these steps:

  • Using Group Policy Editor
    • Open gpedit.msc.
    • Navigate to: Computer Configuration > Administrative Templates > System > Device Guard > Turn On Virtualization Based Security
    • Under Secure Launch Configuration, set the option to Disabled.
  • Or via Registry Editor
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard]
    • "Enabled"=dword:00000000

Important: A system restart is required for this change to take effect.
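Before changing any of the firmware or policy settings above, it helps to record the device's current state and confirm that a BitLocker recovery key exists. The following read-only PowerShell check is an added example, not code from Microsoft or from the article. It assumes an elevated PowerShell 5.1 prompt on the affected Windows 10 device with the built-in BitLocker and SecureBoot modules available; the function names are hypothetical.

```powershell
# Read-only pre-check; run from an elevated PowerShell prompt. Changes nothing.
$kb  = 'KB5058379'   # update named in the article
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard'

function Get-SystemGuardState {
    # Step 3 mapping: 1 = enabled; 0 or missing = disabled / not configured.
    $p = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 'Missing (disabled or not configured)' }
    if ($p.Enabled -eq 1) { return 'Enabled' }
    return "Disabled (value $($p.Enabled))"
}

function Get-SecureBootState {
    # Confirm-SecureBootUEFI throws on legacy BIOS or unsupported platforms.
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch { 'Not available (legacy BIOS or unsupported platform)' }
}

function Get-RecoveryKeyStatus {
    # One row per BitLocker volume. Reports only whether a recovery password
    # protector exists and its ID; the recovery password itself is not printed.
    Get-BitLockerVolume | ForEach-Object {
        $rp = @($_.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
        [pscustomobject]@{
            Volume            = $_.MountPoint
            Protection        = $_.ProtectionStatus
            RecoveryProtector = ($rp.Count -gt 0)
            ProtectorIds      = ($rp.KeyProtectorId -join ', ')
        }
    }
}

# Summary of the settings the workaround steps touch.
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    UpdatePresent = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
    SecureBoot    = Get-SecureBootState
    SystemGuard   = Get-SystemGuardState
} | Format-List

Get-RecoveryKeyStatus | Format-Table -AutoSize
```

Keeping this output with the change record shows which settings were enabled before the workaround, and a volume that reports `RecoveryProtector` as `False` should be resolved before any BIOS/firmware change is made.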

Image credit: Monticelllo / Dreamstime.com
