Windows 10 KB5058379 update triggering BitLocker Recovery after install

The recent release of the Windows 10 KB5058379 cumulative update has sparked a wave of unexpected BitLocker recovery prompts for some users following installation and reboot. This update, rolled out on May 13 as part of Microsoft’s May 2025 Patch Tuesday, is mandatory due to its inclusion of critical security updates addressing five actively exploited zero-day vulnerabilities.

Unexpected Recovery Prompts

Reports have surfaced from various Windows users and administrators indicating that after applying the update, their devices automatically boot into the Windows Recovery Environment (WinRE) and display the BitLocker recovery screen. While this issue does not affect all devices, the frequency of these reports suggests a significant concern.

A Windows administrator shared their experience on Reddit, noting, “We have about a half dozen laptops that experienced various intermittent issues after receiving the same KB – some require BitLocker keys to start up, others refusing to start at all.” Another user echoed this sentiment on Microsoft forums, stating, “The latest KB5058379 released May 13 quality update failed in Windows 10 devices. Some devices it caused triggering BitLocker key window after restart.”

Devices from manufacturers such as Lenovo, Dell, and HP appear to be among those affected, raising questions about potential hardware or configuration conflicts. Some users have found a workaround by disabling Intel Trusted Execution Technology (TXT) in the BIOS, a security feature designed to verify the integrity of system components before allowing sensitive operations.

Although Microsoft has yet to publicly acknowledge the issue, reports suggest that support representatives are aware of the situation. One impacted user noted, “I would like to inform you that we are currently experiencing a known issue with the May Month Patch KB5058379, titled ‘BitLocker Recovery Triggered on Windows 10 devices after installing KB5058379’ on Windows 10 machines. A support ticket has already been raised with the Microsoft Product Group (PG) team, and they are actively working on a resolution.”

Steps to Resolve the Issue

In light of the challenges posed by this update, Microsoft has provided a series of steps for users to regain access to their systems:

1. Disable Secure Boot

  • Access the system’s BIOS/Firmware settings.
  • Locate the Secure Boot option and set it to Disabled.
  • Save the changes and reboot the device.

2. Disable Virtualization Technologies (if the issue persists)

  • Re-enter BIOS/Firmware settings.
  • Disable all virtualization options, including:
    • Intel VT-d (VTD)
    • Intel VT-x (VTX)

Note: This action may prompt for the BitLocker recovery key, so please ensure the key is available.

3. Check Microsoft Defender System Guard Firmware Protection Status

You can verify this in one of two ways:

  • Registry Method
    • Open Registry Editor (regedit).
    • Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard
    • Check the Enabled DWORD value:
      • 1 → Firmware protection is enabled
      • 0 or missing → Firmware protection is disabled or not configured
  • GUI Method (if available)
    • Open Windows Security > Device Security, and look under Core Isolation or Firmware Protection.

4. Disable Firmware Protection via Group Policy (if restricted by policy)

If firmware protection settings are hidden due to Group Policy, follow these steps:

  • Using Group Policy Editor
    • Open gpedit.msc.
    • Navigate to: Computer Configuration > Administrative Templates > System > Device Guard > Turn On Virtualization Based Security
    • Under Secure Launch Configuration, set the option to Disabled.
  • Or via Registry Editor
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard]
    • "Enabled"=dword:00000000

Important: A system restart is required for this change to take effect.

It is advisable to try disabling TXT in the BIOS first, before disabling Secure Boot or virtualization features, as those changes could significantly impact the device’s security, performance, and the usability of virtualization software.
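Before changing any of the settings in steps 1 through 4, it helps to record their current state and confirm a BitLocker recovery password exists. The following read-only PowerShell audit is an added example, not part of Microsoft's guidance or the original article; the function names are illustrative, and it assumes an elevated prompt on a device with the BitLocker and SecureBoot cmdlets available.

```powershell
# Added example: read-only audit of the settings the steps above touch.
# Nothing here modifies the system. Run from an elevated PowerShell prompt.
$sgKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard'

function Get-SystemGuardState {
    # Interprets the Enabled DWORD as described in step 3:
    # 1 = enabled; 0 or missing = disabled or not configured.
    $prop = Get-ItemProperty -Path $sgKey -Name Enabled -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'Disabled or not configured (value missing)' }
    if ($prop.Enabled -eq 1) { return 'Enabled' }
    return "Disabled or not configured (Enabled=$($prop.Enabled))"
}

function Get-SecureBootState {
    # Confirm-SecureBootUEFI throws on legacy BIOS systems, so handle that case.
    try {
        if (Confirm-SecureBootUEFI) { 'Enabled' } else { 'Disabled' }
    } catch { 'Not available (legacy BIOS or unsupported platform)' }
}

function Get-RecoveryProtectorReport {
    # Per volume: is there a recovery password protector, and what is its ID?
    # Only the protector ID is shown, never the 48-digit password itself;
    # use the ID to find the matching key in your escrow (AD, Entra ID, etc.).
    Get-BitLockerVolume | ForEach-Object {
        $rp = @($_.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
        [pscustomobject]@{
            MountPoint          = $_.MountPoint
            ProtectionStatus    = $_.ProtectionStatus
            HasRecoveryPassword = ($rp.Count -gt 0)
            RecoveryProtectorId = ($rp.KeyProtectorId -join ', ')
        }
    }
}

# Best-effort check: the update may not be listed on every system.
$installed = [bool](Get-HotFix -Id 'KB5058379' -ErrorAction SilentlyContinue)

[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    KB5058379Installed  = $installed
    SecureBoot          = Get-SecureBootState
    SystemGuardFirmware = Get-SystemGuardState
} | Format-List

Get-RecoveryProtectorReport | Format-Table -AutoSize
```

Saving this output before applying a workaround gives a baseline for restoring Secure Boot and firmware protection once a fix is available.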

BleepingComputer has reached out to Microsoft for further clarification on this issue and will provide updates as more information becomes available.
