Microsoft Acknowledges Secure Boot Fix Causes BitLocker Issues on Windows 11

Microsoft has acknowledged a new issue with the recent security update for Secure Boot DBX (KB5012170) and Windows 11, which causes some devices to boot into BitLocker recovery. The company explained on the Windows Health Dashboard that the bug prompts users to enter their BitLocker recovery keys at boot time.

BitLocker is a drive encryption feature that is designed to protect user data on Windows PCs. Microsoft provides BitLocker device encryption support on a wide range of Windows 10 and Windows 11 devices. The BitLocker recovery key is a unique 48-digit numerical password that lets users restore access to data stored on a protected drive.

“Some devices might enter BitLocker Recovery on the first or second restart after attempting to install Security update for Secure Boot DBX (KB5012170), released August 9, 2022. Note: This issue only affects the Security update for Secure Boot DBX (KB5012170) and does not affect the latest cumulative security updates, monthly rollups, or security only updates released on August 9, 2022,” the company explained.

Source: The Register

Microsoft has provided a temporary workaround for affected machines. Users who have already installed the KB5012170 update will need to enter the BitLocker recovery key at Windows start-up. They can follow this step-by-step guide to find their BitLocker recovery key in Windows.

Meanwhile, users who have yet to install KB5012170 or restart their Windows PCs after deploying the update are advised to temporarily disable BitLocker by following these steps:

  1. Run Command Prompt as Administrator and run the following command: Manage-bde -protectors -disable %systemdrive% -rebootcount 2
  2. Download and install the KB5012170 update and reboot the device twice.
  3. BitLocker should now be enabled on the computer, and users can verify its status by running the Manage-bde -protectors -Enable %systemdrive% command.
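
The steps above can be wrapped in a pre-install check that confirms a recovery password protector exists before suspending BitLocker. This is an added example, not Microsoft's script; it assumes an elevated PowerShell session and that an installed KB5012170 is listed by `Get-HotFix`.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-install check for KB5012170 on a BitLocker-protected system drive.
$kb    = 'KB5012170'
$drive = $env:SystemDrive

# Assumption: once installed, the DBX update is listed by Get-HotFix.
$installed = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
$volume    = Get-BitLockerVolume -MountPoint $drive

# Protection that is off or already suspended needs no further action here.
if ($volume.ProtectionStatus -ne 'On') {
    Write-Output "${drive} BitLocker protection is not active (status: $($volume.ProtectionStatus)); nothing to suspend."
    return
}

# If recovery is triggered anyway, the 48-digit recovery password is the way back in,
# so refuse to continue when the volume has no such protector.
$recovery = $volume.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    Write-Warning "No recovery password protector found on ${drive}. Add one and back it up before installing $kb."
    return
}

# Print only the protector ID so it can be matched against the backed-up key;
# the recovery password itself is deliberately not written to the console.
$recovery | ForEach-Object { Write-Output "Recovery password protector ID: $($_.KeyProtectorId)" }

if ($installed) {
    Write-Output "$kb is already listed as installed; keep the recovery key available for the next restarts."
    return
}

# Step 1 of the workaround, exactly as given in the article.
manage-bde -protectors -disable $drive -rebootcount 2
if ($LASTEXITCODE -ne 0) {
    throw "manage-bde failed with exit code $LASTEXITCODE"
}

Write-Output "Protectors suspended for two restarts. Install $kb, reboot twice, then check with: manage-bde -status $drive"
```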

Microsoft confirmed that the BitLocker issue doesn’t impact users who have rebooted their PCs twice after installing the KB5012170 patch. Moreover, Windows 10 users will not see the BitLocker recovery prompts.

Microsoft warns KB5012170 might cause the 0x800f0922 error

In addition to the BitLocker bug, Microsoft has confirmed an issue that prevents users from installing the security update for Secure Boot DBX on Windows systems. The company says several users have reported that the KB5012170 update fails to install with the 0x800f0922 error.

Notably, the problem affects all supported versions of Windows 10, Windows 11, Windows 8.1, and Windows Server machines. Microsoft is investigating the issue, and users can mitigate the bug by installing the latest UEFI versions on their PCs.