The Home windows 10 KB5058379 cumulative replace is triggering sudden BitLocker restoration prompts on some gadgets afters it is put in and the pc restarted.
On Could 13, Microsoft launched the Home windows 10 KB5058379 cumulative replace as a part of their Could 2025 Patch Tuesday updates. This can be a obligatory replace because it comprises safety updates for vulnerabilities mounted by Microsoft, which included 5 actively exploited zero-day flaws.
As first noticed by Home windows Newestbecause the launch of this replace, some Home windows customers and admins have been reporting that after putting in the replace and restarting the gadget, the pc would mechanically boot into the WinRE BitLocker restoration display.
Whereas this isn’t impacting all Home windows gadgets, there have been sufficient studies to point an issue with the replace on some gadgets.
“Now we have a few half dozen laptops that skilled varied intermittent points after receiving the identical KB – some require bitlocker keys to begin up, others refusing to begin in any respect,” a Home windows admin posted to Reddit.
“The most recent KB5058379 launched Could 13 high quality replace failed in Home windows 10 gadgets. Some gadgets it brought about triggering bitlocker key window after restart,” one other particular person posted to the Microsoft boards.
Quickly after, quite a few folks responded to the posts stating that gadgets of their organizations had been booting into WinRE after which proven the BitLocker restoration display.
The Home windows BitLocker restoration display
Supply: Microsoft
There are studies of gadgets from Lenovo, Dell, and HP being impacted by this situation, so it is unclear what specific {hardware} or setting battle is going on.
Some customers reported on Reddit that they may boot into Home windows once more by disabling Intel Trusted Execution Know-how (TXT) within the BIOS.
Trusted Execution Know-how (TXT) is a hardware-based safety function that verifies the integrity of system parts earlier than permitting delicate operations to run.
Whereas Microsoft has not publicly acknowledged the problem, Microsoft Help allegedly informed a person that they’re conscious of the problems.
“I want to inform you that we’re presently experiencing a recognized situation with the Could Month Patch KB5058379, titled “BitLocker Restoration Triggered on Home windows 10 gadgets after putting in KB5058379″ on Home windows 10 machines,” an impacted person posted to Reddit.
“A help ticket has already been raised with the Microsoft Product Group (PG) workforce, and they’re actively engaged on a decision.”
Microsoft then shared the next steps for customers to get again into Home windows.
1. Disable Safe Boot
Entry the system’s BIOS/Firmware settings.
Find the Safe Boot choice and set it to Disabled.
Save the modifications and reboot the gadget.
2. Disable Virtualization Applied sciences (if situation persists)
Re-enter BIOS/Firmware settings.
Disable all virtualization choices, together with:
Intel VT-d (VTD)
Intel VT-x (VTX)
Notice: This motion might immediate for the BitLocker restoration key, so please guarantee the secret is accessible.
3. Test Microsoft Defender System Guard Firmware Safety Standing
You’ll be able to confirm this in one in every of two methods:
Registry Technique
Open Registry Editor (regedit).
Navigate to: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlDeviceGuardScenariosSystemGuard
Test the Enabled DWORD worth:
1 → Firmware safety is enabled
0 or lacking → Firmware safety is disabled or not configured
GUI Technique (if accessible)
Open Home windows Safety > System Safety, and look underneath Core Isolation or Firmware Safety.
4. Disable Firmware Safety through Group Coverage (if restricted by coverage)
If firmware safety settings are hidden as a consequence of Group Coverage, comply with these steps:
Utilizing Group Coverage Editor
Open gpedit.msc.
Navigate to: Pc Configuration > Administrative Templates > System > System Guard > Flip On Virtualization Primarily based Safety
Beneath Safe Launch Configuration, set the choice to Disabled.
Or through Registry Editor
(HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlDeviceGuardScenariosSystemGuard)
“Enabled”=dword:00000000
Essential: A system restart is required for this transformation to take impact.
It’s strongly inspired to check disabling TXT within the BIOS earlier than disabling Safe Boot or virtualization options, as disabling them might have a big influence on the gadget’s safety, efficiency, and usefulness of virtualization software program.
BleepingComputer didn’t check these workarounds, so check them first earlier than rolling out fixes to a number of gadgets.
BleepingComputer contacted Microsoft to study extra about this situation and can replace the story if we obtain a response.
Primarily based on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and the way to defend in opposition to them.
