Windows 10 users are currently navigating a challenging situation with the latest May update, which has introduced a bug that primarily affects business laptops equipped with Intel vPro processors. This glitch can lead to significant complications, including the failure of the update installation and repeated attempts at automatic repairs, leaving users in a frustrating loop.
In response to this issue, Microsoft has swiftly rolled out an emergency fix, identified as KB5061768. It is crucial for users to apply this patch before attempting to install the May update. For those who have already encountered the bug, there remains a pathway to recovery.
Breaking down the problem – and what to do if you’re already hit, and locked out of your PC
The root of the problem lies in the termination of a security-related service known as lsass.exe, triggered by the May update. This disruption initiates the automatic repair process, which may fail multiple times before reverting to the previous update. For users employing Device Encryption or BitLocker, the stakes are higher, as they may find themselves locked out at the recovery screen without their recovery key.
If you find yourself in this predicament after installing the May update, and you are unable to access your system, Microsoft recommends disabling Intel Trusted Execution Technology (TXT) and Intel VT for Direct I/O in your BIOS settings. However, this process typically requires the BitLocker recovery key, which can complicate matters further.
Fortunately, there is a workaround. Users can disable Intel TXT in the BIOS without altering the Intel VT setting, allowing them to reboot their PC successfully. To access the BIOS, users should refer to their device manuals, as the key to enter varies by manufacturer, commonly being F2, F10, or F12 during startup.
Once in the BIOS, navigate to the Intel TXT setting, usually found under Security or System Configuration. After disabling this feature, save the changes and restart your PC. Upon regaining access to Windows 10, users can then proceed to install the emergency patch from the Microsoft update catalog.
To avoid such technical hurdles in the future, it is advisable to install the emergency fix prior to downloading the May cumulative update. This incident is not an isolated case; similar bugs have surfaced in previous updates for both Windows 10 and Windows 11, underscoring the importance of vigilance when managing system updates.
For Windows 11 users, it is worth noting that a clean install of the latest version, 24H2, automatically applies the Device Encryption feature, which is distinct from an in-place upgrade. This feature, akin to a simplified version of BitLocker, provides essential data protection for Windows 11 Home PCs, emphasizing the need for careful management of Microsoft account credentials linked to encryption recovery keys.
