Date: 2025-05-16

Earlier this month, we reported on BitLocker encryption on Windows 11 24H2 leading to unaware users losing their data. However, BitLocker troubles have now hit Windows 10 as well. Following the latest Patch Tuesday updates released earlier this week for May 2025 (KB5058379 / KB5058392 / KB5058383 / KB5058387), users are reporting that their systems land on the BitLocker recovery screen on the reboot after installation. The problem is widespread across hardware OEMs, with Lenovo, Dell, and HP users all reporting the same problem.

This is a bug affecting enterprise PCs managed via Intune, WSUS, and SCCM and is the second enterprise-related major bug to hit such devices this month following the previous one that blocked the Windows 11 2024 update on 22H2/23H2 devices.

A user mersongeorge on the Microsoft forums opened a thread titled "May 13 -KB5058379 Windows 10 leads to corruption and endpoints asking for bitlocker key...."

The user describes the problem, writing: "the latest KB5058379 released May 13 quality update failed in Windows 10 devices. Some devices it caused triggering bitlocker key window after restart. Still Update seems failed. Some fall in loop of restarts. ..This is mainly affected devices managed by Intune. Lenovo Thinkpad. some cases Keyboard is getting disabled and user not able to pass the bitlocker key."

Fortunately, Microsoft is aware of the bug in KB5058379 and of the restart loops, update failures, and BitLocker recovery prompts it causes. The company has also provided a workaround. The issue has been validated on Intel-based Dell Precision 5570 and 5680 models. A user, Callum Hargreaves2, confirmed this on the same thread. The company has suggested that the issue is related to Intel's Trusted Execution Technology (TXT), but further investigation is ongoing. Thus, disabling the TXT feature in the BIOS can potentially fix the issue.

The user writes:

Next Steps & Recommendations: Continue to keep affected devices with update installation paused.

For devices already affected and requiring BitLocker recovery, applying the recovery key and rolling back the update as you described is the advised interim measure.

Disabling TXT in BIOS is another possible workaround, but as you noted, it may require remote staff to come in and is not ideal for large deployments.

Microsoft is working to document the issue on the Windows Release Health and Microsoft 365 Admin Center portals; updates will be provided as new information becomes available.

For those not familiar, Intel TXT is a security feature built into Intel processors and chipsets. It helps protect computers from software attacks by ensuring that applications run in a safe, isolated space. TXT uses hardware-based security to keep data secure and incorporates features like Intel PTT (commonly referred to as TPM) and Secure Boot.
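
The interim advice quoted above depends on a recovery key being available for each affected device. The following PowerShell triage check is an added example, not code from the article or from Microsoft. It reports whether any of the four KBs named above is installed, whether the OS volume is BitLocker-protected, and whether a recovery password protector exists. The function name `Get-BitLockerUpdateExposure` and its output fields are hypothetical; it assumes an elevated session with the BitLocker module available.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session.
# KB numbers are the ones named in the article for the May 2025 Patch Tuesday.
$MayKbIds = 'KB5058379', 'KB5058392', 'KB5058383', 'KB5058387'

function Get-BitLockerUpdateExposure {
    [CmdletBinding()]
    param(
        [string[]]$KbId = $MayKbIds,
        [string]$MountPoint = $env:SystemDrive
    )

    # List installed hotfixes and keep only the KBs of interest.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $KbId -contains $_.HotFixID })

    # BitLocker state of the OS volume (requires administrator rights).
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # A RecoveryPassword protector is what the recovery screen asks for.
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    $protected = $vol.ProtectionStatus -eq 'On'

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        InstalledKb         = ($installed.HotFixID -join ',')
        UpdateInstalled     = $installed.Count -gt 0
        ProtectionStatus    = $vol.ProtectionStatus
        VolumeStatus        = $vol.VolumeStatus
        # Only the protector IDs are emitted, never the recovery password,
        # so the report can be matched against escrow records safely.
        RecoveryProtectorId = ($recovery.KeyProtectorId -join ',')
        # Protected volume with no recovery password: a recovery prompt
        # on this device could not be answered.
        NoRecoveryKey       = $protected -and ($recovery.Count -eq 0)
    }
}

Get-BitLockerUpdateExposure | Format-List
```

Devices that report `NoRecoveryKey` as true, or whose `RecoveryProtectorId` cannot be found in the organization's key escrow, are the ones to resolve before the update is allowed to install.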