Full Report
Microsoft has released out-of-band updates to fix a known issue causing Windows 10 systems to boot into BitLocker recovery after installing the May 2025 security updates. [...]
Analysis Summary
# Vulnerability: Windows Update KB5058379 Triggers Unintended BitLocker Recovery
## CVE Details
- CVE ID: Not explicitly provided in the text; this appears to be an update-related bug, not a traditional security vulnerability (no CVE assigned in the summary).
- CVSS Score: N/A (Described as an update bug causing system instability/recovery prompt)
- CWE: N/A (Likely related to OS Update/Configuration Management failure)
## Affected Systems
- Products: Windows 10 (Specific update interaction)
- Versions: Systems attempting to install the KB5058379 cumulative update (part of May 2025 Patch Tuesday).
- Configurations: Devices with BitLocker enabled that repeatedly fail to start after the update, which triggers Automatic Repair and then the BitLocker recovery prompt.
## Vulnerability Description
The KB5058379 cumulative update, released during the May 2025 Patch Tuesday cycle, is causing instability on some Windows 10 devices, particularly those with BitLocker enabled. If the OS fails to start enough times after the update is installed, Windows Automatic Repair is triggered. Because of the nature of the failure, BitLocker protection locks the volume, so the user must enter the BitLocker recovery key before the repair can proceed, and normal startup is interrupted. Affected systems may also show LSASS errors and installation-failure events with error code 0x800F0845 in the System event log.
## Exploitation
- Status: Not applicable (This is an operational/patch stability bug, not an arbitrary security exploit).
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: Low (BitLocker lock requires the key, preserving data confidentiality, but access is blocked.)
- Integrity: Medium (System instability and failure to boot correctly.)
- Availability: High (Devices are rendered unavailable until the BitLocker recovery key is successfully entered, or the issue is resolved by emergency updates.)
## Remediation
### Patches
- Emergency updates were subsequently released by Microsoft to address the recovery screen loop issue caused by KB5058379. (Specific subsequent KB numbers are not detailed in this excerpt, only that emergency updates were issued.)
### Workarounds
- If a device enters Automatic Repair and prompts for the BitLocker recovery key, users must enter the valid BitLocker recovery key to proceed with the repair process.
## Detection
- Indicators of Compromise:
  - Device unexpectedly booting into the BitLocker recovery screen upon startup or after crashes.
  - Presence of LSASS errors in the Windows Event Viewer.
  - Installation-failure events showing error code `0x800F0845` in the System event log following the installation of KB5058379.
- Detection methods and tools: Monitoring the Windows System event log for the specific error code, and monitoring user reports of unexpected BitLocker prompts post-update.
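A host-level check for the indicators above, as an added example (not code from the advisory, BleepingComputer, or Microsoft): it confirms whether KB5058379 is installed, pulls Windows Update client failure events from the System log that mention 0x800F0845, and reports the BitLocker state and recovery-password protectors of the system drive. The cmdlets and provider name are standard Windows ones; the 30-day lookback window and the final warning condition are assumptions.

```powershell
# Added example (not from the advisory or Microsoft). Run in an elevated
# PowerShell session on a Windows 10 host. The 30-day window is an assumption.

$Kb        = 'KB5058379'
$ErrorCode = '0x800F0845'
$Since     = (Get-Date).AddDays(-30)

# 1. Is the problematic update present on this machine?
$hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
if ($hotfix) { "$Kb installed on $($hotfix.InstalledOn)" } else { "$Kb not listed as installed" }

# 2. Installation-failure events from the Windows Update client in the System log
#    whose message carries the error code quoted in the report and names the KB.
$failures = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WindowsUpdateClient'
    StartTime    = $Since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($ErrorCode) -and $_.Message -match $Kb })

"$($failures.Count) update-failure event(s) mentioning $ErrorCode for $Kb since $Since"
$failures | Select-Object TimeCreated, Id, Message | Format-List

# 3. BitLocker state of the system drive: is protection on, and does a recovery
#    password protector exist so the key can be retrieved if recovery is triggered?
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$recoveryProtectors = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
[pscustomobject]@{
    Drive              = $vol.MountPoint
    ProtectionStatus   = $vol.ProtectionStatus
    RecoveryProtectors = $recoveryProtectors.Count
}

# Warning condition (assumption): failures seen on a protected drive with no
# recovery-password protector means there is no key to enter at the recovery screen.
if ($failures.Count -gt 0 -and $vol.ProtectionStatus -eq 'On' -and $recoveryProtectors.Count -eq 0) {
    Write-Warning 'Update failures seen and no recovery-password protector present: add and back up one before the next reboot.'
}
```

The event query only returns results for hosts that actually logged a Windows Update client failure; a clean result does not prove the device will not hit the recovery screen, so pair it with the user-report monitoring mentioned above.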
## References
- Vendor Advisories: Microsoft Windows release health update referencing the behavior.
- Relevant links:
  - bleepingcomputer.com/news/microsoft/microsoft-confirms-may-windows-10-updates-trigger-bitlocker-recovery/
  - bleepingcomputer.com/news/microsoft/windows-10-kb5058379-update-triggering-bitlocker-recovery-after-install/
  - learn.microsoft.com/en-us/windows/release-health/status-windows-10-22h2#windows-10-might-repeatedly-display-the-bitlocker-recovery-screen-at-startup