Microsoft has officially confirmed what some users have been reporting for several days. According to a notification published on the official Windows Health Dashboard, the recent Security update for Secure Boot DBX (KB5012170) causes computers to boot into BitLocker recovery, prompting users to enter their recovery keys.
Besides officially acknowledging this weird bug, Microsoft revealed temporary workarounds for affected and yet-to-be-affected systems:
- Those who have already installed KB5012170 and are now getting BitLocker recovery prompts must enter their BitLocker recovery keys. The official guidance is available in the documentation from Microsoft.
- Those who are yet to install KB5012170, or have not yet restarted their systems after applying the update, can temporarily suspend BitLocker to bypass the bug:
  - Run Command Prompt as Administrator and enter the Manage-bde -protectors -disable %systemdrive% -rebootcount 2 command.
  - Install KB5012170.
  - Restart your computer two times.
  - BitLocker should be back running after the second restart. To make sure protection has resumed, run the Manage-bde -protectors -Enable %systemdrive% command.
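
The workaround above as a PowerShell script, with two checks a practitioner would want around it: that a recovery password protector exists before patching, and that protection is really back on afterwards. This is an added example, not code from Microsoft or from the original article; it uses the BitLocker module cmdlets in place of Manage-bde, and the script file name and the -Phase parameter are hypothetical.

```powershell
# Added example, not Microsoft's script. Run from an elevated PowerShell session.
# Usage (hypothetical file name): .\Protect-DbxUpdate.ps1 -Phase Before   (then -Phase After)
param(
    [Parameter(Mandatory)][ValidateSet('Before', 'After')][string]$Phase,
    [string]$MountPoint = $env:SystemDrive
)

$ErrorActionPreference = 'Stop'

# Suspend-BitLocker and Resume-BitLocker need administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

$volume = Get-BitLockerVolume -MountPoint $MountPoint

if ($Phase -eq 'Before') {
    if ($volume.ProtectionStatus -ne 'On') {
        Write-Output "BitLocker protection is not active on $MountPoint; nothing to suspend."
        return
    }
    # If the workaround fails, the recovery prompt can only be answered with a recovery password.
    $recovery = $volume.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $recovery) {
        throw "No recovery password protector on $MountPoint. Add one and back it up before patching."
    }
    Write-Output "Recovery password protector ID(s): $($recovery.KeyProtectorId -join ', ')"
    Write-Output 'Confirm the matching recovery key is retrievable before continuing.'

    # Same effect as: Manage-bde -protectors -disable %systemdrive% -rebootcount 2
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount 2 | Out-Null
    Write-Output 'Protection suspended for 2 restarts. Install KB5012170, then restart twice.'
}
else {
    if ($volume.ProtectionStatus -eq 'On') {
        Write-Output "BitLocker protection is active again on $MountPoint."
    }
    else {
        # Same effect as: Manage-bde -protectors -Enable %systemdrive%
        Resume-BitLocker -MountPoint $MountPoint | Out-Null
        $status = (Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus
        Write-Output "Protection was still suspended and has been resumed. Status now: $status"
    }
}
```

While protection is suspended the drive is readable without the TPM or recovery key, so keep the suspension window short and run the After phase as soon as the second restart completes.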
Interestingly, Microsoft says the BitLocker bug does not affect all computers. According to Microsoft, users who have successfully restarted their computers twice after applying KB5012170 will not get the BitLocker recovery prompt. Also, the bug does not bother Windows 10 systems, only Windows 11.
Another issue KB5012170 is causing is the 0x800f0922 error when users attempt to install the Security update for Secure Boot DBX. While Microsoft investigates the problem, customers can bypass the bug by updating their UEFI firmware to the latest version.