Skip to content
Tech News
← Back to articles

Microsoft fixes BitLocker recovery bug on Windows Server 2025

2026-06-11 | original
read original get BitLocker Encryption Tool → more articles

Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update.

The BitLocker security feature encrypts storage drives to prevent data theft and will typically force Windows computers to enter recovery mode after hardware changes or events, such as TPM (Trusted Platform Module) updates, to allow regaining access to protected drives that have not been unlocked via the default unlock mechanism.

"Some devices with an unrecommended BitLocker Group Policy configuration might be required to enter their BitLocker recovery key on the first restart after installing this update," Microsoft said when it acknowledged this issue after the April 2026 Patch Tuesday.

"In this scenario, the BitLocker recovery key only needs to be entered once -- subsequent restarts will not trigger a BitLocker recovery screen, as long as the group policy configuration remains unchanged."

While this issue may also affect some systems running Windows 11, Microsoft says it's unlikely to impact personal devices, as affected configurations are typically found only on enterprise systems managed by corporate IT teams.

As Microsoft explained at the time, this only happens for very specific configurations, on devices where all the following conditions are met:

BitLocker is enabled on the OS drive. The Group Policy "Configure TPM platform validation profile for native UEFI firmware configurations" is configured, and PCR7 is included in the validation profile (or the equivalent registry key is set manually). System Information (msinfo32.exe) reports that the Secure Boot State PCR7 Binding is "Not Possible". The Windows UEFI CA 2023 certificate is present in the device's Secure Boot Signature Database (DB), making the device eligible for the 2023‑signed Windows Boot Manager to be made the default. The device is not already running the 2023-signed Windows Boot Manager.

BitLocker recovery screen (Microsoft)

​During this month's Patch Tuesday, two months after confirming the issue, Microsoft resolved this bug in the KB5094125 (Windows Server 2025) and KB5093998 (Windows 11 23H2) cumulative updates.

"This update addresses an issue where some devices might enter BitLocker Recovery after updating boot files on systems with certain Trusted Platform Module (TPM) validation settings, including invalid PCR7 (Platform Configuration Register 7) configurations," Microsoft said in updated advisories.

... continue reading

Explore topics: bitlocker bitlocker recovery boot issue microsoft
Related:
Jim Cramer says SpaceX’s blockbuster IPO could have major implications for the week ahead
Microsoft Surface Flaw Allowed Unprotected Devices To Be Bricked By a Single Packet
Thrustmaster's new specialized T.Flight Hotas 5 Microsoft Flight Simulator Edition provides a plug-and-play flight sim setup for just $109 — featuring 5-axis control with 16-bit precision and dual-rudder system
Introduction to UEFI HTTP(s) Boot with QEMU/OVMF
Microsoft's bug-hunting nemesis extends vendetta with more zero-day attacks — Nightmare Eclipse publishes RoguePlanet and GreatXML local privilege escalation exploits

© 2026 GoKawiil

About | Editorial Policy | Contact