Windows July security updates send PCs into BitLocker recovery

Microsoft warned that some Windows devices will boot into BitLocker recovery after installing the July 2024 Windows security updates.

The BitLocker Windows security feature mitigates the risk of data theft or information exposure from lost, stolen, or inappropriately decommissioned devices by encrypting the storage drives.

Windows computers can automatically enter BitLocker recovery mode following various events, including hardware and firmware upgrades or changes to the TPM (Trusted Platform Module), to restore access to BitLocker-protected drives that have not been unlocked via the default unlock mechanism.

"After installing the July 2024 Windows security update, released July 9, 2024 (KB5040442), you might see a BitLocker recovery screen upon booting your device.," Microsoft explains on the Windows release health dashboard.

"This screen does not commonly appear after a Windows update. You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security -> Device encryption."

Those impacted by this known issue will be prompted to enter their BitLocker recovery key to unlock the drive, allowing the device to boot normally from the BitLocker recovery screen.

Affected platforms include both client and server Windows releases:

Client: Windows 11 version 23H2, Windows 11 version 22H2, Windows 11 version 21H2, Windows 10 version 22H2, Windows 10 version 21H2. Server: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008.

The BitLocker recovery key can be retrieved by logging into the BitLocker recovery screen portal using your Microsoft account. This support page provides further information on how to find the recovery key in Windows.

Microsoft says it's investigating the issue and will provide an update once more information becomes available.

Similar issues impacted Windows devices in August 2022 after the KB5012170 security update for the Secure Boot DBX (Forbidden Signature Database) triggered 0x800f0922 errors and caused some devices to boot into the BitLocker recovery screen.

More recently, in April 2024, Redmond fixed a known issue causing incorrect BitLocker drive encryption errors in some managed Windows environments, a bug the company tagged in October 2023 (when it was first acknowledged) as a reporting problem with no actual impact on drive encryption.