Earlier, we covered a new BitLocker-related trouble on Windows PCs wherethe latest May 2025 Patch Tuesday update is leading devices into a BitLocker recovery and reboot frenzy. This follows an earlier report for Windows 11 24H2, wherein unaware users may be losing their data as a result of the default encryption.
From its preliminary investigation, Microsoft learned that a conflict with Intel TXT (Trusted Execution Technology) is the root of the issue, though, at that time, a detailed explanation was not provided. However, it led to a simple workaround for the BitLocker recovery and reboot issue by going into the BIOS of affected Intel-based PCs and disabling the TXT feature there.
For those not familiar, Intel TXT is a security feature built into Intel processors and chipsets. It helps protect computers from software attacks by ensuring that applications run in a safe, isolated space. TXT uses hardware-based security to keep data secure and incorporates features like Intel PTT (or commonly called TPM) and Secure Boot.
After further investigation, as promised, Microsoft has published a new entry on its Windows Health Dashboard website. The company says that a conflict between Intel"s TXT feature and its latest KB5058379 Windows 10 Patch is leading to the lsass.exe process termination and that is essentially what is triggering the Automatic Repair of such affected systems.
That"s because the Local Security Authority Server Service (LSASS) process helps validate and authenticate users for local and remote sign-ins by enforcing local security policies. This helps explain why systems are going into a BitLocker recovery frenzy as Intel TXT and LSASS are not playing well with one another.
When this happens, Microsoft has explained that affected devices react in one of two ways. On the brighter side, the system could make several attempts to install update KB5058379 before Startup Repair manages to successfully roll it back to the previous (stable) update; but on the flip side when it fails, it creates a reboot loop.
Aside from these, Microsoft has also listed a couple of other symptoms:
- Event ID 20 might appear in the Windows Event Viewer in the System event log, with the following text: "Installation Failure: Windows failed to install the following update with error 0x800F0845: 2025-05 Cumulative Update for Windows 10 22H2 for x64-based Systems (KB5058379)."
- Event ID 1074 might appear in the System event log, with the text: "The system process "C:\WINDOWS\system32\lsass.exe" terminated unexpectedly with status code -1073740791."
The company says it is working on a fix for this bug on an urgent basis, and thus, an out-of-band update, similar to the one for Windows 11 24H2, will be released soon. You can find the issue entry here on Microsoft"s official Windows Health Dashboard website.