BitLocker Boot Loop Mayhem: Microsoft Issues Emergency Fix for Windows 10 Update Glitch

In a swift response to escalating user concerns, Microsoft has released an emergency update to address a critical issue stemming from the May 13, 2025, Windows 10 security update (KB5058379). This update inadvertently triggered BitLocker recovery prompts, leading to boot loops and system inaccessibility for numerous users.

The Unfolding Crisis

The problematic update primarily affected systems running Windows 10 22H2 and Windows 10 Enterprise LTSC 2021, especially those equipped with 10th generation or newer Intel vPro processors with Intel Trusted Execution Technology (TXT) enabled. Upon installation, the update caused the Local Security Authority Subsystem Service (LSASS) to terminate unexpectedly, prompting an automatic repair sequence that led to BitLocker recovery screens.

Users found themselves locked out of their systems, unable to proceed without the BitLocker recovery key—a situation particularly dire for those without immediate access to this key. The issue predominantly impacted enterprise environments, as consumer devices typically do not utilize Intel vPro processors.

Microsoft's Emergency Response

Acknowledging the severity of the situation, Microsoft released an out-of-band update, KB5061768, on May 19, 2025. This cumulative update aims to rectify the boot loop and BitLocker recovery issues introduced by the earlier patch. Notably, KB5061768 is not available through the standard Windows Update channel; affected users must manually download and install it via the Microsoft Update Catalog.

To apply the fix, Microsoft advises the following steps:

  1. Temporarily disable Intel VT for Direct I/O (VTD or VTX) and Intel TXT in the BIOS/UEFI settings. This action will require entering the BitLocker recovery key.
  2. Install the KB5061768 update.
  3. After restarting Windows, re-enable Intel VT for Direct I/O and TXT in the BIOS/UEFI settings, which will again prompt for the BitLocker recovery key.
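Because steps 1 and 3 each trigger a BitLocker recovery prompt, it is worth confirming on a machine that still boots that a recovery password protector exists and that its ID matches the key you have escrowed. The script below is an added example, not Microsoft's or this article's code; it assumes an elevated PowerShell session and the built-in BitLocker module, and the function name Test-KbInstalled is hypothetical.

```powershell
# Added example: pre-flight check before changing VT-d/TXT firmware settings.
# Run from an elevated PowerShell session on a machine that still boots.

$badKb = 'KB5058379'   # May 13, 2025 update named in the article
$fixKb = 'KB5061768'   # out-of-band fix named in the article

function Test-KbInstalled {
    param([string]$Id)
    # Get-HotFix reports an error when the KB is absent; suppress it and test for a result.
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

# One row per BitLocker volume. Only protector IDs are shown, never the
# 48-digit recovery password itself, so the output is safe to paste into a ticket.
$report = foreach ($vol in Get-BitLockerVolume) {
    $recovery = @($vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')
    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        VolumeType          = $vol.VolumeType
        ProtectionStatus    = $vol.ProtectionStatus
        HasRecoveryPassword = ($recovery.Count -gt 0)
        RecoveryProtectorId = ($recovery.KeyProtectorId -join ', ')
    }
}
$report | Format-Table -AutoSize

$hasBad = Test-KbInstalled $badKb
$hasFix = Test-KbInstalled $fixKb
"{0} installed: {1}" -f $badKb, $hasBad
"{0} installed: {1}" -f $fixKb, $hasFix

# Flag protected OS volumes that would leave the user stuck at the recovery screen.
$atRisk = $report | Where-Object {
    $_.VolumeType -eq 'OperatingSystem' -and
    $_.ProtectionStatus -eq 'On' -and
    -not $_.HasRecoveryPassword
}
if ($atRisk) {
    Write-Warning "OS volume is protected but has no recovery password protector."
} elseif ($hasBad -and -not $hasFix) {
    Write-Warning "$badKb is present without $fixKb. Match the protector ID above to your escrowed key before touching firmware settings."
}
```

Compare the RecoveryProtectorId value with the key ID recorded wherever your organization stores recovery keys; the recovery screen shows the same ID when it asks for the key.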

Implications and Precautions

This incident underscores the complexities of system updates and the potential for unintended consequences, particularly in enterprise settings with advanced security configurations. Users are urged to ensure they have access to their BitLocker recovery keys and to exercise caution when applying system updates.

For those unable to install the emergency update immediately, Microsoft suggests disabling Intel TXT in the BIOS as a temporary workaround. However, this approach also necessitates the BitLocker recovery key and may compromise certain security features.
