The latest Windows security update has been locking users out of their PCs and asking them for their BitLocker key
The latest Windows security update, dubbed “KB5012170”, was released nearly two weeks ago and has since been wreaking havoc by locking users out on restart and asking them for their BitLocker key.
KB5012170 was designed to plug some Secure Boot holes, and Microsoft had this to say about it:
“A security feature bypass vulnerability exists in secure boot. An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software.”
According to theregister.com:
“The patch adds the signatures of the known vulnerable UEFI modules to the Secure Boot Forbidden Signature Database (DBX).”
Unfortunately, it is also doing more than that. Lurking in the list of known issues are cautions that some OEM firmware won’t permit the update to be installed. With specific BitLocker Group Policy setups, the update may produce a 0x800f0922 error message or fail to install altogether.
Some customers are being prompted for their BitLocker key to regain access to their machines after the update has been loaded and the PC has performed the mandatory restart.
BitLocker is a drive encryption feature whose goal is data security. To regain access to the data, the user must enter a lengthy password as part of the recovery process.
The problem here is that most people won’t have this BitLocker key on hand, for many different reasons: they may be using a work PC, a gifted PC or a hand-me-down, or may simply have lost their passwords.
Fortunately, Microsoft provides a help page that can point most customers in the right direction for finding their BitLocker recovery key.
Finding the key sometimes requires logging into Azure, which is not a solution available to everyone.
Microsoft has since acknowledged the issue on the support page for the KB5012170 update and assured users that it is working on a resolution that will be available in an upcoming release.
For the time being, avoiding the update altogether is, in our opinion, the wisest course of action, unless you are confident that you have your BitLocker key on hand in case the problem should arise for you.
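One way to check that before restarting is the PowerShell sketch below. It is an added example, not code from Microsoft or from the original article, and it assumes an elevated session on a machine where the built-in BitLocker cmdlets are available. It reports whether KB5012170 is already installed and lists the recovery key ID for each volume, so you can compare it with the key ID stored alongside your saved recovery key.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-update check for the KB5012170 / BitLocker recovery issue.
# Prints key protector IDs only, never the recovery password itself.

$kb = 'KB5012170'   # the update discussed in this article

# Get-HotFix returns nothing (with the error suppressed) if the update is absent.
if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
    Write-Host "$kb is already installed on this machine."
} else {
    Write-Host "$kb is not installed yet."
}

# Build one row per volume with its protection state and recovery key ID(s).
$report = foreach ($vol in Get-BitLockerVolume) {
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    [pscustomobject]@{
        MountPoint    = $vol.MountPoint
        VolumeType    = $vol.VolumeType
        Protection    = $vol.ProtectionStatus
        HasRecoveryPw = $recovery.Count -gt 0
        RecoveryKeyId = ($recovery.KeyProtectorId -join ', ')
    }
}
$report | Format-Table -AutoSize

# A protected volume without a recovery password cannot be unlocked
# from the recovery screen at all.
$atRisk = @($report | Where-Object { $_.Protection -eq 'On' -and -not $_.HasRecoveryPw })
if ($atRisk.Count -gt 0) {
    Write-Warning ("Protected volumes with no recovery password: " +
        ($atRisk.MountPoint -join ', '))
} else {
    Write-Host "Match each RecoveryKeyId against the key ID of your saved recovery key before restarting."
}
```

If a listed key ID does not match any recovery key you can actually retrieve, treat the key as not on hand.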