Microsoft has released out-of-band updates to fix a known issue causing Windows 10 systems to boot into BitLocker recovery after installing the May 2025 security updates.
To fix systems stuck at a BitLocker recovery prompt, install today’s KB5061768 emergency update, available exclusively through the Microsoft Update Catalog. This is also a cumulative update, meaning you won’t have to install any previous updates before deploying the fix for the BitLocker recovery issue affecting your device.
Microsoft says that this known issue affects systems running Windows 10 22H2, Windows 10 Enterprise LTSC 2021, and Windows 10 IoT Enterprise LTSC 2021 with Intel vPro processors (10th gen or later) with Intel Trusted Execution Technology (TXT) enabled.
Consumer devices running Home and Pro editions of Windows 10 are also unlikely to be impacted because home users don’t typically use Intel vPro processors.
“On these systems, installing the May 13, 2025, Windows security update (KB5058379) might cause the Local Security Authority Subsystem Service (LSASS) process to terminate unexpectedly, triggering an Automatic Repair prompting for the BitLocker recovery key to continue,” the company said in an advisory issued today.
If you can’t immediately install the KB5061768 update to revive impacted devices, Microsoft recommends disabling Intel VT for Direct I/O (aka VTD or VTX) and Intel Trusted Execution Technology (TXT) in your BIOS / UEFI settings and toggling them back after installing the update.
The company acknowledged the issue after a wave of reports from Windows users and admins seeing devices unexpectedly displaying a BitLocker recovery screen after entering the Windows Recovery Environment (WinRE) and after installing the KB5058379 cumulative update released as part of the May 2025 Patch Tuesday.
According to Redmond, impacted users who check the Windows Event Viewer can see LSASS errors and installation failure events with 0x800F0845 errors in the System event log.
“On affected devices, upon installing the update, Windows might fail to start enough times to trigger an Automatic Repair,” the company said in a Windows release health update. “On devices with BitLocker enabled, BitLocker requires the input of your BitLocker recovery key to initiate an Automatic Repair.”
In August 2022, Windows devices were hit by a similar issue, which caused devices to boot into the BitLocker recovery screen after installing the KB5012170 security update.
Last year, in August, Microsoft fixed another known issue triggering BitLocker recovery prompts on Windows 10, Windows 11, and Windows Server systems after installing the July 2024 Windows security updates.
Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.
