The Home windows 10 KB5058379 cumulative replace is triggering surprising BitLocker restoration prompts on some gadgets afters it is put in and the pc restarted.
On Might 13, Microsoft launched the Home windows 10 KB5058379 cumulative replace as a part of their Might 2025 Patch Tuesday updates. This can be a necessary replace because it comprises safety updates for vulnerabilities fastened by Microsoft, which included 5 actively exploited zero-day flaws.
As first noticed by Home windows Newest, because the launch of this replace, some Home windows customers and admins have been reporting that after putting in the replace and restarting the gadget, the pc would routinely boot into the WinRE BitLocker restoration display screen.
Whereas this isn’t impacting all Home windows gadgets, there have been sufficient stories to point an issue with the replace on some gadgets.
“Now we have a couple of half dozen laptops that skilled varied intermittent points after receiving the identical KB – some require bitlocker keys to begin up, others refusing to begin in any respect,” a Home windows admin posted to Reddit.
“The newest KB5058379 launched Might 13 high quality replace failed in Home windows 10 gadgets. Some gadgets it precipitated triggering bitlocker key window after restart,” one other individual posted to the Microsoft boards.
Quickly after, quite a few folks responded to the posts stating that gadgets of their organizations have been booting into WinRE after which proven the BitLocker restoration display screen.
Supply: Microsoft
There are stories of gadgets from Lenovo, Dell, and HP being impacted by this problem, so it is unclear what specific {hardware} or setting battle is happening.
Some customers reported on Reddit that they may boot into Home windows once more by disabling Intel Trusted Execution Know-how (TXT) within the BIOS.
Trusted Execution Know-how (TXT) is a hardware-based safety characteristic that verifies the integrity of system elements earlier than permitting delicate operations to run.
Whereas Microsoft has not publicly acknowledged the problem, Microsoft Help allegedly instructed a person that they’re conscious of the problems.
“I wish to inform you that we’re at present experiencing a identified problem with the Might Month Patch KB5058379, titled “BitLocker Restoration Triggered on Home windows 10 gadgets after putting in KB5058379” on Home windows 10 machines,” an impacted person posted to Reddit.
“A assist ticket has already been raised with the Microsoft Product Group (PG) group, and they’re actively engaged on a decision.”
Microsoft then shared the next steps for customers to get again into Home windows.
1. Disable Safe Boot
- Entry the system’s BIOS/Firmware settings.
- Find the Safe Boot possibility and set it to Disabled.
- Save the adjustments and reboot the gadget.
2. Disable Virtualization Applied sciences (if problem persists)
- Re-enter BIOS/Firmware settings.
- Disable all virtualization choices, together with:
- Intel VT-d (VTD)
- Intel VT-x (VTX)
Observe: This motion might immediate for the BitLocker restoration key, so please guarantee the hot button is obtainable.
3. Test Microsoft Defender System Guard Firmware Safety Standing
You may confirm this in one in every of two methods:
- Registry Methodology
- Open Registry Editor (regedit).
- Navigate to: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlDeviceGuardScenariosSystemGuard
- Test the Enabled DWORD worth:
- 1 → Firmware safety is enabled
- 0 or lacking → Firmware safety is disabled or not configured
- GUI Methodology (if obtainable)
- Open Home windows Safety > Gadget Safety, and look beneath Core Isolation or Firmware Safety.
4. Disable Firmware Safety by way of Group Coverage (if restricted by coverage)
If firmware safety settings are hidden on account of Group Coverage, observe these steps:
- Utilizing Group Coverage Editor
- Open gpedit.msc.
- Navigate to: Pc Configuration > Administrative Templates > System > Gadget Guard > Flip On Virtualization Primarily based Safety
- Beneath Safe Launch Configuration, set the choice to Disabled.
- Or by way of Registry Editor
- [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlDeviceGuardScenariosSystemGuard]
- “Enabled”=dword:00000000
Vital:Â A system restart is required for this variation to take impact.
It’s strongly inspired to check disabling TXT within the BIOS earlier than disabling Safe Boot or virtualization options, as disabling them may have a major influence on the gadget’s safety, Â efficiency, and usefulness of virtualization software program.
BleepingComputer didn’t take a look at these workarounds, so take a look at them first earlier than rolling out fixes to a number of gadgets.
BleepingComputer contacted Microsoft to study extra about this problem and can replace the story if we obtain a response.
Primarily based on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and tips on how to defend in opposition to them.
