Security News > 2021 > February > Windows 10 Secure Boot update triggers BitLocker key recovery

Microsoft has acknowledged an issue affecting Windows 10 customers who have installed the KB4535680 security update that addresses a security feature bypass vulnerability in Secure Boot.

Windows versions affected by this vulnerability include multiple Windows 10 releases, Windows 8.1, Windows Server 2012 R2, and Windows Server 2012.

Installing the KB4535680 security update on systems running affected Windows versions might lead to the BitLocker recovery key being requested after rebooting, according to a known issue recently acknowledged by Microsoft.

"If BitLocker Group Policy Configure TPM platform validation profile for native UEFI firmware configurations is enabled and PCR7 is selected by policy, it may result in the BitLocker recovery key being required on some devices where PCR7 binding is not possible," Microsoft explains.

BitLocker is Microsoft's full volume encryption feature that ships with all Windows versions since Windows Vista and uses the XTS-AES encryption algorithm to encrypt computer hard drives or removable drives to prevent data theft or exposure.

Users experiencing BitLocker recovery issues can use the information provided by Microsoft here to locate their recovery key.

News URL

https://www.bleepingcomputer.com/news/microsoft/windows-10-secure-boot-update-triggers-bitlocker-key-recovery/