Microsoft Secure Boot Fix sends PCs into BitLocker recovery • The Register

Windows users are reporting BitLocker issues after installing last week’s security update for Secure Boot.

The problems relate to KB5012170, which is used to plug some Secure Boot holes. This is important for users running a kit with Unified Extensible Firmware Interface (UEFI) firmware. “A security feature bypass vulnerability exists in secure boot,” Microsoft wrote. “An attacker who successfully exploited the vulnerability could bypass Secure Boot and load untrusted software.”

The patch adds the signatures of known vulnerable UEFI modules to the Secure Boot Forbidden Signature Database (DBX).

Unfortunately, it seems to do a little more than that. Lurking in the known issues are warnings that some OEM firmware will not allow the update to be installed. The update may also fail to install with certain BitLocker Group Policy configurations, or error 0x800f0922 could be thrown up.

Then there is the triggering of BitLocker recovery, which is not currently listed as a known issue.

The issue occurs at boot and displays the BitLocker recovery screen asking a user to enter a key.

The depressingly familiar swelling of grumbling has started as some users have found themselves with unbootable computers unless they can provide the magic key.

[Image: BitLocker recovery screen. A screenshot sent to us by a reader]

Register reader Anthony contacted us to say that of the 400 PCs his company manages, 2 percent (all Windows 11) started up with a BitLocker recovery screen after the update.

“There seems to be no getting around it if the user doesn’t have the key, which they usually do!”

BitLocker is a drive encryption feature that aims to keep data safe. The recovery process restores access to data and requires the user to enter a long password (or a domain administrator can obtain the password through Active Directory Domain Services). Anthony informed us that he was able to log into Azure and retrieve the recovery keys.

“It’s something the average user certainly couldn’t do,” he said. “It was easy for some, for others a game of detective figuring out which license goes with which machine.”

As to why the patch triggered the problem, there are a multitude of candidates (ignoring attack attempts). A possible cause listed by Microsoft in its BitLocker documentation is “updating critical early boot components, such as a BIOS or UEFI firmware upgrade, which will change the associated boot measurements”.

The Register asked Microsoft for an explanation and will update if the company responds.

In the meantime, it would probably be useful to at least know how to get your recovery key before hitting the update button. Just in case. ®
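The "know your recovery key first" advice above, as an added example that is not part of the article or of Microsoft's guidance: a PowerShell script to run as Administrator before installing a boot-component update such as KB5012170. It records each protected volume's recovery password, optionally escrows it to AD DS or Azure AD, and optionally suspends BitLocker for one reboot so a changed boot measurement does not strand the machine on the recovery screen. The parameter names and the export path are the example's own assumptions.

```powershell
# Added example, not from the article. Run elevated before applying a Secure Boot / DBX update.
param(
    [string]$ExportPath,            # assumption: optional file for the recovery passwords; console if omitted
    [switch]$EscrowToAD,            # domain-joined: Backup-BitLockerKeyProtector (AD DS)
    [switch]$EscrowToAAD,           # Azure AD joined: BackupToAAD-BitLockerKeyProtector
    [switch]$SuspendForOneReboot    # Suspend-BitLocker -RebootCount 1
)

# The DBX update only matters on UEFI systems with Secure Boot on; the cmdlet throws on legacy BIOS.
try   { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $false }
Write-Host "Secure Boot enabled: $secureBoot"

$report = @("Computer: $env:COMPUTERNAME", "Exported: $(Get-Date -Format o)")

foreach ($vol in Get-BitLockerVolume) {
    if ($vol.ProtectionStatus -ne 'On') { continue }   # nothing to lose on an unprotected volume

    $rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $rp) {
        # A TPM-only volume has no numerical password to type at the recovery screen; add one now.
        Write-Warning "$($vol.MountPoint) has no recovery password protector; adding one"
        Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector | Out-Null
        $rp = (Get-BitLockerVolume -MountPoint $vol.MountPoint).KeyProtector |
              Where-Object KeyProtectorType -eq 'RecoveryPassword'
    }

    foreach ($p in $rp) {
        $report += "$($vol.MountPoint) id=$($p.KeyProtectorId) password=$($p.RecoveryPassword)"
        if ($EscrowToAD)  { Backup-BitLockerKeyProtector      -MountPoint $vol.MountPoint -KeyProtectorId $p.KeyProtectorId }
        if ($EscrowToAAD) { BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $p.KeyProtectorId }
    }

    if ($SuspendForOneReboot) {
        # Protection resumes automatically after the next boot, once the new measurements are sealed.
        Suspend-BitLocker -MountPoint $vol.MountPoint -RebootCount 1 | Out-Null
    }
}

# The recovery passwords unlock the drive: keep the output off the encrypted volume it protects.
if ($ExportPath) {
    $report | Set-Content -Path $ExportPath
    Write-Host "Recovery information written to $ExportPath"
} else {
    $report | Write-Host
}
```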

Laura Coffey
