Emergency Update Released to Address BitLocker Recovery Boot Issue in Windows 10
May 26th, 2025
Severity Level: Informational
_edited_edited.jpg)
Technical Details
This issue originates from a failure in the Local Security Authority Subsystem Service (LSASS), which was triggered by the KB5058379 update released on May 13, 2025. The LSASS process unexpectedly stops during boot, causing the system to enter Automatic Repair mode. If BitLocker is enabled, the system prompts for the recovery key before proceeding, resulting in an unexpected BitLocker recovery screen.
Technical indicators include:
System boot failures trigger Automatic Repair.
LSASS termination and the related 0x800F0845 errors in the Windows Event Viewer (System log).
BitLocker recovery prompt displayed when entering the Windows Recovery Environment (WinRE).
This issue only affects devices with:
Windows 10 22H2, Enterprise LTSC 2021, or IoT Enterprise LTSC 2021.
Intel vPro processors (10th Gen or newer) that have Intel TXT and Intel VT for Direct I/O (VTD) enabled.
Consumer-grade Windows 10 editions (Home, Pro) are largely unaffected.
Our Cyber Threat Intelligence Unit (CTI) has recently identified that Microsoft released an out-of-band emergency update (KB5061768) to address a critical issue causing Windows 10 systems to unexpectedly enter the BitLocker recovery screen after installing the May 2025 security update (KB5058379). This issue primarily affects enterprise environments using Intel vPro (10th Gen or later) processors with Intel Trusted Execution Technology (TXT) enabled. The unexpected BitLocker prompt may lead to system unavailability and disrupt data access, particularly in managed IT infrastructures.
Impact
The primary impacts of an unexpected BitLocker recovery screen include:
Disruption of normal boot processes, rendering affected systems temporarily inaccessible.
Requirement for manual input of the BitLocker recovery key, potentially causing downtime.
Operational delays in enterprise environments with affected systems.
If left unaddressed, widespread device inaccessibility may occur in environments using BitLocker with the described hardware and software configurations.
Detection Method
To determine if a system is impacted:
Review the Windows Event Viewer for:
LSASS errors or unexpected terminations.
Event ID entries with error code 0x800F0845.
Observe system behavior:
Devices entering BitLocker Recovery during the boot process.
Systems stuck in Automatic Repair loops post-update.
Affected systems typically start experiencing issues immediately after installing update KB5058379.
Indicators of Compromise
Recommendations
Immediate Mitigation:
Install Emergency Update KB5061768:
Download the update from the Microsoft Update Catalog and manually apply it to affected systems.
Temporary Workaround (if unable to update immediately):
Access the BIOS/UEFI settings and disable the following:
Intel Trusted Execution Technology (TXT)
Intel VT for Direct I/O (VTD)
Re-enable these settings after installing the Emergency Update KB5061768.
Long-Term Recommendations:
Test cumulative updates in controlled environments prior to broad deployment.
Keep backups of BitLocker recovery keys in secure and accessible locations.
Monitor Microsoft’s Windows release health dashboard for real-time issue tracking and advisories.
Conclusion
Microsoft has promptly responded to a critical issue affecting enterprise Windows 10 systems that boot into BitLocker recovery mode following the May 2025 Patch released on Tuesday. The emergency KB5061768 update serves as a resolution to restore normal system behavior. Admins are advised to apply this update immediately or implement the recommended BIOS-based mitigations to minimize operational disruptions. Proactive monitoring and update management remain essential for mitigating similar future issues.